CVE-2016-0778
high-risk
Published 2016-01-14
The (1) roaming_read and (2) roaming_write functions in roaming_common.c in the client in OpenSSH 5.x, 6.x, and 7.x before 7.1p2, when certain proxy and forward options are enabled, do not properly maintain connection file descriptors, which allows remote servers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact by requesting many forwardings.
Do I need to act?
~
2.0% chance of exploitation in next 30 days
EPSS score — moderate exploit probability
-
Not on CISA KEV list
No confirmed active exploitation reported to CISA
?
Patch status unknown
Check vendor advisories for fix availability and mitigation guidance
8
CVSS 8.1/10
High
NETWORK
/ HIGH complexity
Affected Products (20)
References (62)
Third Party Advisory
http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10734
Third Party Advisory
http://packetstormsecurity.com/files/135273/Qualys-Security-Advisory-OpenSSH-Ove...
Mailing List
http://seclists.org/fulldisclosure/2016/Jan/44
Third Party Advisory
http://www.debian.org/security/2016/dsa-3446
Third Party Advisory
http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html
Third Party Advisory
http://www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.h...
Third Party Advisory
http://www.securityfocus.com/archive/1/537295/100/0/threaded
Third Party Advisory
http://www.securityfocus.com/bid/80698
Third Party Advisory
http://www.securitytracker.com/id/1034671
and 42 more references
53
/ 100
high-risk
Severity
24/34 · High
Exploitability
5/34 · Minimal
Exposure
24/34 · High