CVE-2016-0778

The (1) roaming_read and (2) roaming_write functions in roaming_common.c in the client in OpenSSH 5.x, 6.x, and 7.x before 7.1p2, when certain proxy and forward options are enabled, do not properly maintain connection file descriptors, which allows remote servers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact by requesting many forwardings.

CVSS v3 8.1 HIGH
CVSS v2.0 4.6 MEDIUM

8.1^/10

CVSS v3 : HIGH

V3 Legend

Vector : AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

Exploitability : 2.2 / Impact : 5.9

Attack Vector NETWORK

Attack Complexity HIGH

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

4.6^/10

CVSS v2.0 : MEDIUM

V2 Legend

Vector : AV:N/AC:H/Au:S/C:P/I:P/A:P

Exploitability : 3.9 / Impact : 6.4

Access Vector NETWORK

Access Complexity HIGH

Authentication SINGLE

Confidentiality Impact PARTIAL

Integrity Impact PARTIAL

Availability Impact PARTIAL

References

Link	Resource
http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10734	Third Party Advisory
http://lists.apple.com/archives/security-announce/2016/Mar/msg00004.html	Mailing List Release Notes Third Party Advisory
http://lists.fedoraproject.org/pipermail/package-announce/2016-February/176516.html	Mailing List Third Party Advisory
http://lists.fedoraproject.org/pipermail/package-announce/2016-January/176349.html	Mailing List Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00006.html	Mailing List Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00007.html	Mailing List Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00008.html	Mailing List Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00009.html	Mailing List Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00013.html	Mailing List Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00014.html	Mailing List Third Party Advisory
http://packetstormsecurity.com/files/135273/Qualys-Security-Advisory-OpenSSH-Overflow-Leak.html	Third Party Advisory VDB Entry
http://seclists.org/fulldisclosure/2016/Jan/44	Mailing List Third Party Advisory
http://www.debian.org/security/2016/dsa-3446	Third Party Advisory
http://www.openssh.com/txt/release-7.1p2	Patch Release Notes Vendor Advisory
http://www.openwall.com/lists/oss-security/2016/01/14/7	Exploit Mailing List Technical Description Third Party Advisory
http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html	Third Party Advisory
http://www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.html	Third Party Advisory
http://www.securityfocus.com/archive/1/537295/100/0/threaded	Third Party Advisory VDB Entry
http://www.securityfocus.com/bid/80698	Third Party Advisory VDB Entry
http://www.securitytracker.com/id/1034671	Third Party Advisory VDB Entry
http://www.ubuntu.com/usn/USN-2869-1	Third Party Advisory
https://blogs.sophos.com/2016/02/17/utm-up2date-9-354-released/	Release Notes Vendor Advisory
https://blogs.sophos.com/2016/02/29/utm-up2date-9-319-released/	Release Notes Vendor Advisory
https://bto.bluecoat.com/security-advisory/sa109	Third Party Advisory
https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf
https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05247375	Third Party Advisory
https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05356388	Third Party Advisory
https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05385680	Third Party Advisory
https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05390722	Third Party Advisory
https://security.gentoo.org/glsa/201601-01	Third Party Advisory
https://support.apple.com/HT206167	Vendor Advisory

Configurations

Configuration 1 (hide)

OR	cpe:2.3:o:oracle:linux:7:::::::*
	cpe:2.3:o:oracle:solaris:11.3:::::::*

Configuration 2 (hide)

OR	cpe:2.3:a:openbsd:openssh:5.4:::::::*
	cpe:2.3:a:openbsd:openssh:5.4:p1::::::
	cpe:2.3:a:openbsd:openssh:5.5:::::::*
	cpe:2.3:a:openbsd:openssh:5.5:p1::::::
	cpe:2.3:a:openbsd:openssh:5.6:::::::*
	cpe:2.3:a:openbsd:openssh:5.6:p1::::::
	cpe:2.3:a:openbsd:openssh:5.7:::::::*
	cpe:2.3:a:openbsd:openssh:5.7:p1::::::
	cpe:2.3:a:openbsd:openssh:5.8:::::::*
	cpe:2.3:a:openbsd:openssh:5.8:p1::::::
	cpe:2.3:a:openbsd:openssh:5.9:::::::*
	cpe:2.3:a:openbsd:openssh:5.9:p1::::::
	cpe:2.3:a:openbsd:openssh:6.0:::::::*
	cpe:2.3:a:openbsd:openssh:6.0:p1::::::
	cpe:2.3:a:openbsd:openssh:6.1:::::::*
	cpe:2.3:a:openbsd:openssh:6.1:p1::::::
	cpe:2.3:a:openbsd:openssh:6.2:::::::*
	cpe:2.3:a:openbsd:openssh:6.2:p1::::::
	cpe:2.3:a:openbsd:openssh:6.2:p2::::::
	cpe:2.3:a:openbsd:openssh:6.3:::::::*
	cpe:2.3:a:openbsd:openssh:6.3:p1::::::
	cpe:2.3:a:openbsd:openssh:6.4:::::::*
	cpe:2.3:a:openbsd:openssh:6.4:p1::::::
	cpe:2.3:a:openbsd:openssh:6.5:::::::*
	cpe:2.3:a:openbsd:openssh:6.5:p1::::::
	cpe:2.3:a:openbsd:openssh:6.6:::::::*
	cpe:2.3:a:openbsd:openssh:6.6:p1::::::
	cpe:2.3:a:openbsd:openssh:6.7:::::::*
	cpe:2.3:a:openbsd:openssh:6.7:p1::::::
	cpe:2.3:a:openbsd:openssh:6.8:::::::*
	cpe:2.3:a:openbsd:openssh:6.8:p1::::::
	cpe:2.3:a:openbsd:openssh:6.9:::::::*
	cpe:2.3:a:openbsd:openssh:6.9:p1::::::
	cpe:2.3:a:openbsd:openssh:7.0:::::::*
	cpe:2.3:a:openbsd:openssh:7.0:p1::::::
	cpe:2.3:a:openbsd:openssh:7.1:::::::*
	cpe:2.3:a:openbsd:openssh:7.1:p1::::::

Configuration 3 (hide)

OR	cpe:2.3:o:apple:mac_os_x::::::::
	cpe:2.3:o:apple:mac_os_x::::::::
	cpe:2.3:o:apple:mac_os_x::::::::

Configuration 4 (hide)

cpe:2.3:o:hp:virtual_customer_access_system:*:*:*:*:*:*:*:*

Configuration 5 (hide)

cpe:2.3:a:sophos:unified_threat_management_software:9.353:*:*:*:*:*:*:*

History

No history.

Information

Published : 2016-01-14 22:59

Updated : 2022-12-13 12:15

NVD link : CVE-2016-0778

Mitre link : CVE-2016-0778

CVE.ORG link : CVE-2016-0778

JSON object : View

Products Affected

oracle

linux
solaris

apple

mac_os_x

openbsd

openssh

virtual_customer_access_system

sophos

unified_threat_management_software

CWE

CWE-119

Improper Restriction of Operations within the Bounds of a Memory Buffer

{"id": "CVE-2016-0778", "cveTags": [], "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 4.6, "accessVector": "NETWORK", "vectorString": "AV:N/AC:H/Au:S/C:P/I:P/A:P", "authentication": "SINGLE", "integrityImpact": "PARTIAL", "accessComplexity": "HIGH", "availabilityImpact": "PARTIAL", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 6.4, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 3.9, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV30": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.0", "baseScore": 8.1, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "HIGH", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 2.2}]}, "published": "2016-01-14T22:59:02.280", "references": [{"url": "http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10734", "tags": ["Third Party Advisory"], "source": "secalert@redhat.com"}, {"url": "http://lists.apple.com/archives/security-announce/2016/Mar/msg00004.html", "tags": ["Mailing List", "Release Notes", "Third Party Advisory"], "source": "secalert@redhat.com"}, {"url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-February/176516.html", "tags": ["Mailing List", "Third Party Advisory"], "source": "secalert@redhat.com"}, {"url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-January/176349.html", "tags": ["Mailing List", "Third Party Advisory"], "source": "secalert@redhat.com"}, {"url": "http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00006.html", "tags": ["Mailing List", "Third Party Advisory"], "source": "secalert@redhat.com"}, {"url": "http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00007.html", "tags": ["Mailing List", "Third Party Advisory"], "source": "secalert@redhat.com"}, {"url": "http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00008.html", "tags": ["Mailing List", "Third Party Advisory"], "source": "secalert@redhat.com"}, {"url": "http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00009.html", "tags": ["Mailing List", "Third Party Advisory"], "source": "secalert@redhat.com"}, {"url": "http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00013.html", "tags": ["Mailing List", "Third Party Advisory"], "source": "secalert@redhat.com"}, {"url": "http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00014.html", "tags": ["Mailing List", "Third Party Advisory"], "source": "secalert@redhat.com"}, {"url": "http://packetstormsecurity.com/files/135273/Qualys-Security-Advisory-OpenSSH-Overflow-Leak.html", "tags": ["Third Party Advisory", "VDB Entry"], "source": "secalert@redhat.com"}, {"url": "http://seclists.org/fulldisclosure/2016/Jan/44", "tags": ["Mailing List", "Third Party Advisory"], "source": "secalert@redhat.com"}, {"url": "http://www.debian.org/security/2016/dsa-3446", "tags": ["Third Party Advisory"], "source": "secalert@redhat.com"}, {"url": "http://www.openssh.com/txt/release-7.1p2", "tags": ["Patch", "Release Notes", "Vendor Advisory"], "source": "secalert@redhat.com"}, {"url": "http://www.openwall.com/lists/oss-security/2016/01/14/7", "tags": ["Exploit", "Mailing List", "Technical Description", "Third Party Advisory"], "source": "secalert@redhat.com"}, {"url": "http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html", "tags": ["Third Party Advisory"], "source": "secalert@redhat.com"}, {"url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.html", "tags": ["Third Party Advisory"], "source": "secalert@redhat.com"}, {"url": "http://www.securityfocus.com/archive/1/537295/100/0/threaded", "tags": ["Third Party Advisory", "VDB Entry"], "source": "secalert@redhat.com"}, {"url": "http://www.securityfocus.com/bid/80698", "tags": ["Third Party Advisory", "VDB Entry"], "source": "secalert@redhat.com"}, {"url": "http://www.securitytracker.com/id/1034671", "tags": ["Third Party Advisory", "VDB Entry"], "source": "secalert@redhat.com"}, {"url": "http://www.ubuntu.com/usn/USN-2869-1", "tags": ["Third Party Advisory"], "source": "secalert@redhat.com"}, {"url": "https://blogs.sophos.com/2016/02/17/utm-up2date-9-354-released/", "tags": ["Release Notes", "Vendor Advisory"], "source": "secalert@redhat.com"}, {"url": "https://blogs.sophos.com/2016/02/29/utm-up2date-9-319-released/", "tags": ["Release Notes", "Vendor Advisory"], "source": "secalert@redhat.com"}, {"url": "https://bto.bluecoat.com/security-advisory/sa109", "tags": ["Third Party Advisory"], "source": "secalert@redhat.com"}, {"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf", "source": "secalert@redhat.com"}, {"url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05247375", "tags": ["Third Party Advisory"], "source": "secalert@redhat.com"}, {"url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05356388", "tags": ["Third Party Advisory"], "source": "secalert@redhat.com"}, {"url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05385680", "tags": ["Third Party Advisory"], "source": "secalert@redhat.com"}, {"url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05390722", "tags": ["Third Party Advisory"], "source": "secalert@redhat.com"}, {"url": "https://security.gentoo.org/glsa/201601-01", "tags": ["Third Party Advisory"], "source": "secalert@redhat.com"}, {"url": "https://support.apple.com/HT206167", "tags": ["Vendor Advisory"], "source": "secalert@redhat.com"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-119"}]}], "descriptions": [{"lang": "en", "value": "The (1) roaming_read and (2) roaming_write functions in roaming_common.c in the client in OpenSSH 5.x, 6.x, and 7.x before 7.1p2, when certain proxy and forward options are enabled, do not properly maintain connection file descriptors, which allows remote servers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact by requesting many forwardings."}, {"lang": "es", "value": "Las funciones (1) roaming_read y (2) roaming_write en roaming_common.c en el cliente en OpenSSH 5.x, 6.x y 7.x en versiones anteriores a 7.1p2, cuando ciertas opciones proxy y forward se encuentran habilitadas, no mantiene adecuadamente los descriptores de archivo de conexi\u00f3n, lo que permite a servidores remotos causar una denegaci\u00f3n de servicio (desbordamiento de buffer basado en memoria din\u00e1mica) o posiblemente tener otro impacto no especificado mediante la petici\u00f3n de varios reenv\u00edos."}], "lastModified": "2022-12-13T12:15:19.253", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:oracle:linux:7:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "104DA87B-DEE4-4262-AE50-8E6BC43B228B"}, {"criteria": "cpe:2.3:o:oracle:solaris:11.3:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "79A602C5-61FE-47BA-9786-F045B6C6DBA8"}], "operator": "OR"}]}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:openbsd:openssh:5.4:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "3356FDFD-BEA5-45A5-A36B-D1153AFE6C23"}, {"criteria": "cpe:2.3:a:openbsd:openssh:5.4:p1:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "AA9D704A-D1E7-4989-9136-1EAD72EF6BE5"}, {"criteria": "cpe:2.3:a:openbsd:openssh:5.5:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "9394B8AD-AB22-4955-8774-C6BA2B56A260"}, {"criteria": "cpe:2.3:a:openbsd:openssh:5.5:p1:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "78735121-6BA0-4158-B3D5-E4BACCA5E95A"}, {"criteria": "cpe:2.3:a:openbsd:openssh:5.6:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "0C5D4A9B-1194-4D63-AAC2-8701C890BB0D"}, {"criteria": "cpe:2.3:a:openbsd:openssh:5.6:p1:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "270BABBA-70A8-4FC7-962D-0D0D40F4497F"}, {"criteria": "cpe:2.3:a:openbsd:openssh:5.7:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "F75DB5AE-E99D-4827-B290-823E015AEE34"}, {"criteria": "cpe:2.3:a:openbsd:openssh:5.7:p1:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "A710EC9F-1352-4DF0-B1CF-9C51ACB078CB"}, {"criteria": "cpe:2.3:a:openbsd:openssh:5.8:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "DA4F797B-8E2C-41AC-AA29-D6B50A539B2F"}, {"criteria": "cpe:2.3:a:openbsd:openssh:5.8:p1:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "7F482203-0CF1-403C-A25C-9B0DA24F6282"}, {"criteria": "cpe:2.3:a:openbsd:openssh:5.9:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "1E74684E-71D3-4458-A8BA-5248982273F3"}, {"criteria": "cpe:2.3:a:openbsd:openssh:5.9:p1:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "9F3D478C-221F-4A07-8520-CD8856A75DCA"}, {"criteria": "cpe:2.3:a:openbsd:openssh:6.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "A9754B4A-3042-49B8-86F7-2D60E25400C9"}, {"criteria": "cpe:2.3:a:openbsd:openssh:6.0:p1:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "B018B05B-1311-4E0F-A9D0-620C1BF904A1"}, {"criteria": "cpe:2.3:a:openbsd:openssh:6.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "3872787F-2C1C-40C0-B9CF-A3C0CEAAB400"}, {"criteria": "cpe:2.3:a:openbsd:openssh:6.1:p1:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "728372F8-6561-473D-B54D-1DB41DA1CF55"}, {"criteria": "cpe:2.3:a:openbsd:openssh:6.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "39D1E296-3040-4CC9-B95B-3E07D73F1150"}, {"criteria": "cpe:2.3:a:openbsd:openssh:6.2:p1:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "11BDA49F-C3E7-4D32-8105-E75525BFB2D4"}, {"criteria": "cpe:2.3:a:openbsd:openssh:6.2:p2:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "CE153B9F-721D-42ED-A662-C2597B7BF073"}, {"criteria": "cpe:2.3:a:openbsd:openssh:6.3:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "FCEE2677-16EE-484F-B2FB-FCA377E0D76B"}, {"criteria": "cpe:2.3:a:openbsd:openssh:6.3:p1:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "254243DD-2E3E-48ED-A92C-8F4FD405DA57"}, {"criteria": "cpe:2.3:a:openbsd:openssh:6.4:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "90798B9A-A1C6-4EC5-96BF-AF9C6FEFB63D"}, {"criteria": "cpe:2.3:a:openbsd:openssh:6.4:p1:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "BCF734D8-1F01-498C-A917-5B528BFD9CAA"}, {"criteria": "cpe:2.3:a:openbsd:openssh:6.5:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "5A8ABE51-1535-44D9-B2A1-CC91021A29D9"}, {"criteria": "cpe:2.3:a:openbsd:openssh:6.5:p1:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "492F661C-45E4-4B9B-AD26-1873D91DBEA6"}, {"criteria": "cpe:2.3:a:openbsd:openssh:6.6:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "546EB570-C2AC-473B-BED8-C47167D2593A"}, {"criteria": "cpe:2.3:a:openbsd:openssh:6.6:p1:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "CA2C8269-9C66-4E41-A56C-ACC709DC2053"}, {"criteria": "cpe:2.3:a:openbsd:openssh:6.7:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "64382F2C-15AC-41FE-A936-CEB44C1AFB9F"}, {"criteria": "cpe:2.3:a:openbsd:openssh:6.7:p1:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "20B099B9-3D7E-47A4-94A5-B89759189D26"}, {"criteria": "cpe:2.3:a:openbsd:openssh:6.8:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "65A8629A-CFAE-4403-BEE7-622912483702"}, {"criteria": "cpe:2.3:a:openbsd:openssh:6.8:p1:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "50836FA3-8116-4D58-B73E-B4830FB3A551"}, {"criteria": "cpe:2.3:a:openbsd:openssh:6.9:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "D0607649-62FE-41CB-9444-53CD9C5B67C0"}, {"criteria": "cpe:2.3:a:openbsd:openssh:6.9:p1:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "3397D8DC-3410-401F-8854-BFCC35AD6686"}, {"criteria": "cpe:2.3:a:openbsd:openssh:7.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "0B0FB8D5-75CB-4691-AB9F-B4FA46973421"}, {"criteria": "cpe:2.3:a:openbsd:openssh:7.0:p1:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "42DCED2D-76C5-49D1-A72D-E578CF686F5A"}, {"criteria": "cpe:2.3:a:openbsd:openssh:7.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "67E1B240-BD86-41D3-BAC1-96005CB31DEE"}, {"criteria": "cpe:2.3:a:openbsd:openssh:7.1:p1:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "4BFC8587-FB9E-4FE2-B725-81CE3CE590F8"}], "operator": "OR"}]}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "9A5FFEDD-1D4A-42A1-964A-88696925859A", "versionEndIncluding": "10.9.5", "versionStartIncluding": "10.9.0"}, {"criteria": "cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "6E4E9ED2-42E1-47F3-AFB4-C92A4E4FB554", "versionEndIncluding": "10.10.5", "versionStartIncluding": "10.10.0"}, {"criteria": "cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "2461051C-EB76-4022-8BBC-B3D26635240B", "versionEndIncluding": "10.11.3", "versionStartIncluding": "10.11.0"}], "operator": "OR"}]}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:hp:virtual_customer_access_system:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "58F4BE0A-DBE6-45F7-9FA6-6A0BE2566631", "versionEndIncluding": "15.07"}], "operator": "OR"}]}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:sophos:unified_threat_management_software:9.353:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "9857D3A8-7942-4624-B3D6-9943D34030B8"}], "operator": "OR"}]}], "sourceIdentifier": "secalert@redhat.com"}

8.1 /10