CVE-2016-0778

Published: Jan 14, 2016Modified: May 29, 2026

8.1

Vector

CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

Exploitability: 2.2 / Impact: 5.9

Source: NVD

Description

The (1) roaming_read and (2) roaming_write functions in roaming_common.c in the client in OpenSSH 5.x, 6.x, and 7.x before 7.1p2, when certain proxy and forward options are enabled, do not properly maintain connection file descriptors, which allows remote servers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact by requesting many forwardings.

Affected (44)

Products: Oracle: Linux, Solaris · Openbsd: Openssh · Apple: Mac Os X · +2 more

Show all products

Oracle: Linux, Solaris · Openbsd: Openssh · Apple: Mac Os X · Hp: Virtual Customer Access System · Sophos: Unified Threat Management Software

2 products

1 product

1 product

1 product

Virtual Customer Access System

Sophos

1 product

Unified Threat Management Software

Configuration A

2 vulnerable

Vulnerable Software	Affected Versions
Oracle Linux	Version 7
Oracle Solaris	Version 11.3

Configuration B

37 vulnerable

Vulnerable Software	Affected Versions
Openbsd Openssh	Version 5.4
Openbsd Openssh	Version 5.4 p1
Openbsd Openssh	Version 5.5
Openbsd Openssh	Version 5.5 p1
Openbsd Openssh	Version 5.6
Openbsd Openssh	Version 5.6 p1
Openbsd Openssh	Version 5.7
Openbsd Openssh	Version 5.7 p1
Openbsd Openssh	Version 5.8
Openbsd Openssh	Version 5.8 p1
Openbsd Openssh	Version 5.9
Openbsd Openssh	Version 5.9 p1
Openbsd Openssh	Version 6.0
Openbsd Openssh	Version 6.0 p1
Openbsd Openssh	Version 6.1
Openbsd Openssh	Version 6.1 p1
Openbsd Openssh	Version 6.2
Openbsd Openssh	Version 6.2 p1
Openbsd Openssh	Version 6.2 p2
Openbsd Openssh	Version 6.3
Openbsd Openssh	Version 6.3 p1
Openbsd Openssh	Version 6.4
Openbsd Openssh	Version 6.4 p1
Openbsd Openssh	Version 6.5
Openbsd Openssh	Version 6.5 p1
Openbsd Openssh	Version 6.6
Openbsd Openssh	Version 6.6 p1
Openbsd Openssh	Version 6.7
Openbsd Openssh	Version 6.7 p1
Openbsd Openssh	Version 6.8
Openbsd Openssh	Version 6.8 p1
Openbsd Openssh	Version 6.9
Openbsd Openssh	Version 6.9 p1
Openbsd Openssh	Version 7.0
Openbsd Openssh	Version 7.0 p1
Openbsd Openssh	Version 7.1
Openbsd Openssh	Version 7.1 p1

Configuration C

3 vulnerable

Vulnerable Software	Affected Versions
Apple Mac Os X	From 10.10.0 to 10.10.5
Apple Mac Os X	From 10.11.0 to 10.11.3
Apple Mac Os X	From 10.9.0 to 10.9.5

Configuration D

1 vulnerable

Vulnerable Software	Affected Versions
Hp Virtual Customer Access System	Up to 15.07

Configuration E

1 vulnerable

Vulnerable Software	Affected Versions
Sophos Unified Threat Management Software	Version 9.353

Related CWEs

CWE-119

Improper Restriction of Operations within the Bounds of a Memory Buffer

The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data.

References (62)

http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10734

Source: secalert@redhat.com

Third Party Advisory

http://lists.apple.com/archives/security-announce/2016/Mar/msg00004.html

Source: secalert@redhat.com

Mailing ListRelease NotesThird Party Advisory

http://lists.fedoraproject.org/pipermail/package-announce/2016-February/176516.html

Source: secalert@redhat.com

Mailing ListThird Party Advisory

http://lists.fedoraproject.org/pipermail/package-announce/2016-January/176349.html

Source: secalert@redhat.com

Mailing ListThird Party Advisory

http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00006.html

Source: secalert@redhat.com

Mailing ListThird Party Advisory

http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00007.html

Source: secalert@redhat.com

Mailing ListThird Party Advisory

http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00008.html

Source: secalert@redhat.com

Mailing ListThird Party Advisory

http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00009.html

Source: secalert@redhat.com

Mailing ListThird Party Advisory

http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00013.html

Source: secalert@redhat.com

Mailing ListThird Party Advisory

http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00014.html

Source: secalert@redhat.com

Mailing ListThird Party Advisory

http://packetstormsecurity.com/files/135273/Qualys-Security-Advisory-OpenSSH-Overflow-Leak.html

Source: secalert@redhat.com

Third Party AdvisoryVDB Entry

http://seclists.org/fulldisclosure/2016/Jan/44

Source: secalert@redhat.com

Mailing ListThird Party Advisory

http://www.debian.org/security/2016/dsa-3446

Source: secalert@redhat.com

Third Party Advisory

http://www.openssh.com/txt/release-7.1p2

Source: secalert@redhat.com

PatchRelease NotesVendor Advisory

http://www.openwall.com/lists/oss-security/2016/01/14/7

Source: secalert@redhat.com

ExploitMailing ListTechnical DescriptionThird Party Advisory

http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html

Source: secalert@redhat.com

Third Party Advisory

http://www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.html

Source: secalert@redhat.com

Third Party Advisory

http://www.securityfocus.com/archive/1/537295/100/0/threaded

Source: secalert@redhat.com

Third Party AdvisoryVDB Entry

http://www.securityfocus.com/bid/80698

Source: secalert@redhat.com

Third Party AdvisoryVDB Entry

http://www.securitytracker.com/id/1034671

Source: secalert@redhat.com

Third Party AdvisoryVDB Entry

http://www.ubuntu.com/usn/USN-2869-1

Source: secalert@redhat.com

Third Party Advisory

https://blogs.sophos.com/2016/02/17/utm-up2date-9-354-released/

Source: secalert@redhat.com

Release NotesVendor Advisory

https://blogs.sophos.com/2016/02/29/utm-up2date-9-319-released/

Source: secalert@redhat.com

Release NotesVendor Advisory

https://bto.bluecoat.com/security-advisory/sa109

Source: secalert@redhat.com

Third Party Advisory

https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf

Source: secalert@redhat.com

https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05247375

Source: secalert@redhat.com

Third Party Advisory

https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05356388

Source: secalert@redhat.com

Third Party Advisory

https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05385680

Source: secalert@redhat.com

Third Party Advisory

https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05390722

Source: secalert@redhat.com

Third Party Advisory

https://security.gentoo.org/glsa/201601-01

Source: secalert@redhat.com

Third Party Advisory

https://support.apple.com/HT206167

Source: secalert@redhat.com

Vendor Advisory

http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10734