CVE-2016-0777

Published: Jan 14, 2016Modified: May 29, 2026

6.5

Vector

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Exploitability: 2.8 / Impact: 3.6

Source: NVD

Description

The resend_bytes function in roaming_common.c in the client in OpenSSH 5.x, 6.x, and 7.x before 7.1p2 allows remote servers to obtain sensitive information from process memory by requesting transmission of an entire buffer, as demonstrated by reading a private key.

Affected (51)

Products: Sophos: Unified Threat Management Software · Oracle: Linux, Solaris · Openbsd: Openssh · +2 more

Show all products

Sophos: Unified Threat Management Software · Oracle: Linux, Solaris · Openbsd: Openssh · Hp: Remote Device Access Virtual Customer Access System · Apple: Mac Os X

Sophos

1 product

Unified Threat Management Software

2 products

1 product

1 product

Remote Device Access Virtual Customer Access System

Apple

1 product

Mac Os X

Configuration A

2 vulnerable · 7 platform

Vulnerable Software	Affected Versions
Sophos Unified Threat Management Software	Version 9.318
Sophos Unified Threat Management Software	Version 9.353

Running on/with	Platform Versions
Sophos Unified Threat Management	Version 110
Sophos Unified Threat Management	Version 120
Sophos Unified Threat Management	Version 220
Sophos Unified Threat Management	Version 320
Sophos Unified Threat Management	Version 425
Sophos Unified Threat Management	Version 525
Sophos Unified Threat Management	Version 625

Configuration B

2 vulnerable

Vulnerable Software	Affected Versions
Oracle Linux	Version 7
Oracle Solaris	Version 11.3

Configuration C

45 vulnerable

Vulnerable Software	Affected Versions
Openbsd Openssh	Version 5.0
Openbsd Openssh	Version 5.0 p1
Openbsd Openssh	Version 5.1
Openbsd Openssh	Version 5.1 p1
Openbsd Openssh	Version 5.2
Openbsd Openssh	Version 5.2 p1
Openbsd Openssh	Version 5.3
Openbsd Openssh	Version 5.3 p1
Openbsd Openssh	Version 5.4
Openbsd Openssh	Version 5.4 p1
Openbsd Openssh	Version 5.5
Openbsd Openssh	Version 5.5 p1
Openbsd Openssh	Version 5.6
Openbsd Openssh	Version 5.6 p1
Openbsd Openssh	Version 5.7
Openbsd Openssh	Version 5.7 p1
Openbsd Openssh	Version 5.8
Openbsd Openssh	Version 5.8 p1
Openbsd Openssh	Version 5.9
Openbsd Openssh	Version 5.9 p1
Openbsd Openssh	Version 6.0
Openbsd Openssh	Version 6.0 p1
Openbsd Openssh	Version 6.1
Openbsd Openssh	Version 6.1 p1
Openbsd Openssh	Version 6.2
Openbsd Openssh	Version 6.2 p1
Openbsd Openssh	Version 6.2 p2
Openbsd Openssh	Version 6.3
Openbsd Openssh	Version 6.3 p1
Openbsd Openssh	Version 6.4
Openbsd Openssh	Version 6.4 p1
Openbsd Openssh	Version 6.5
Openbsd Openssh	Version 6.5 p1
Openbsd Openssh	Version 6.6
Openbsd Openssh	Version 6.6 p1
Openbsd Openssh	Version 6.7
Openbsd Openssh	Version 6.7 p1
Openbsd Openssh	Version 6.8
Openbsd Openssh	Version 6.8 p1
Openbsd Openssh	Version 6.9
Openbsd Openssh	Version 6.9 p1
Openbsd Openssh	Version 7.0
Openbsd Openssh	Version 7.0 p1
Openbsd Openssh	Version 7.1
Openbsd Openssh	Version 7.1 p1

Configuration D

1 vulnerable

Vulnerable Software	Affected Versions
Hp Remote Device Access Virtual Customer Access System	Up to 15.07

Configuration E

1 vulnerable

Vulnerable Software	Affected Versions
Apple Mac Os X	Up to 10.11.3

Related CWEs

CWE-200

Exposure of Sensitive Information to an Unauthorized Actor

The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

References (68)

http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10734

Source: secalert@redhat.com

Third Party Advisory

http://lists.apple.com/archives/security-announce/2016/Mar/msg00004.html

Source: secalert@redhat.com

Mailing ListThird Party Advisory

http://lists.fedoraproject.org/pipermail/package-announce/2016-February/176516.html

Source: secalert@redhat.com

Mailing ListThird Party Advisory

http://lists.fedoraproject.org/pipermail/package-announce/2016-January/175592.html

Source: secalert@redhat.com

Mailing ListThird Party Advisory

http://lists.fedoraproject.org/pipermail/package-announce/2016-January/175676.html

Source: secalert@redhat.com

Mailing ListThird Party Advisory

http://lists.fedoraproject.org/pipermail/package-announce/2016-January/176349.html

Source: secalert@redhat.com

Mailing ListThird Party Advisory

http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00006.html

Source: secalert@redhat.com

Mailing ListThird Party Advisory

http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00007.html

Source: secalert@redhat.com

Mailing ListThird Party Advisory

http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00008.html

Source: secalert@redhat.com

Mailing ListThird Party Advisory

http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00009.html

Source: secalert@redhat.com

Mailing ListThird Party Advisory

http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00013.html

Source: secalert@redhat.com

Mailing ListThird Party Advisory

http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00014.html

Source: secalert@redhat.com

Mailing ListThird Party Advisory

http://packetstormsecurity.com/files/135273/Qualys-Security-Advisory-OpenSSH-Overflow-Leak.html

Source: secalert@redhat.com

Third Party AdvisoryVDB Entry

http://seclists.org/fulldisclosure/2016/Jan/44

Source: secalert@redhat.com

Mailing ListThird Party Advisory

http://www.debian.org/security/2016/dsa-3446

Source: secalert@redhat.com

Third Party Advisory

http://www.openssh.com/txt/release-7.1p2

Source: secalert@redhat.com

Vendor Advisory

http://www.openwall.com/lists/oss-security/2016/01/14/7

Source: secalert@redhat.com

Mailing ListThird Party Advisory

http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html

Source: secalert@redhat.com

Third Party Advisory

http://www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.html

Source: secalert@redhat.com

Third Party Advisory

http://www.securityfocus.com/archive/1/537295/100/0/threaded

Source: secalert@redhat.com

Third Party AdvisoryVDB Entry

http://www.securityfocus.com/bid/80695

Source: secalert@redhat.com

Third Party AdvisoryVDB Entry

http://www.securitytracker.com/id/1034671

Source: secalert@redhat.com

Third Party AdvisoryVDB Entry

http://www.ubuntu.com/usn/USN-2869-1

Source: secalert@redhat.com

Third Party Advisory

https://blogs.sophos.com/2016/02/17/utm-up2date-9-354-released/

Source: secalert@redhat.com

Third Party Advisory

https://blogs.sophos.com/2016/02/29/utm-up2date-9-319-released/

Source: secalert@redhat.com

Third Party Advisory

https://bto.bluecoat.com/security-advisory/sa109

Source: secalert@redhat.com

Third Party Advisory

https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf

Source: secalert@redhat.com

https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05247375

Source: secalert@redhat.com

Third Party Advisory

https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05356388

Source: secalert@redhat.com

Third Party Advisory

https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05385680

Source: secalert@redhat.com

Third Party Advisory

https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05390722

Source: secalert@redhat.com

Third Party Advisory

https://security.FreeBSD.org/advisories/FreeBSD-SA-16:07.openssh.asc

Source: secalert@redhat.com

Third Party Advisory

https://security.gentoo.org/glsa/201601-01

Source: secalert@redhat.com

Third Party Advisory

https://support.apple.com/HT206167

Source: secalert@redhat.com

Third Party Advisory

http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10734