CVE-2016-0777 — MEDIUM (6.5)

Q: How severe is CVE-2016-0777?

CVE-2016-0777 has been rated MEDIUM with a CVSS base score of 6.5/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2016-0777?

Check the references section above for vendor advisories and patch information. Affected products include: Sophos Unified Threat Management Software, Sophos Unified Threat Management, Oracle Linux, Oracle Solaris, Openbsd Openssh.

Vulnerability Description

The resend_bytes function in roaming_common.c in the client in OpenSSH 5.x, 6.x, and 7.x before 7.1p2 allows remote servers to obtain sensitive information from process memory by requesting transmission of an entire buffer, as demonstrated by reading a private key.

CVSS Score

6.5

MEDIUM

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

HIGH

Integrity

NONE

Availability

NONE

Affected Products

Vendor	Product	Versions
Sophos	Unified Threat Management Software	9.318
Sophos	Unified Threat Management	110
Oracle	Linux	7
Oracle	Solaris	11.3
Openbsd	Openssh	5.0
Hp	Remote Device Access Virtual Customer Access System	<= 15.07
Apple	Mac Os X	<= 10.11.3

Related Weaknesses (CWE)

CWE-200

References

http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10734Third Party Advisory
http://lists.apple.com/archives/security-announce/2016/Mar/msg00004.htmlMailing ListThird Party Advisory
http://lists.fedoraproject.org/pipermail/package-announce/2016-February/176516.hMailing ListThird Party Advisory
http://lists.fedoraproject.org/pipermail/package-announce/2016-January/175592.htMailing ListThird Party Advisory
http://lists.fedoraproject.org/pipermail/package-announce/2016-January/175676.htMailing ListThird Party Advisory
http://lists.fedoraproject.org/pipermail/package-announce/2016-January/176349.htMailing ListThird Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00006.htmlMailing ListThird Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00007.htmlMailing ListThird Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00008.htmlMailing ListThird Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00009.htmlMailing ListThird Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00013.htmlMailing ListThird Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00014.htmlMailing ListThird Party Advisory
http://packetstormsecurity.com/files/135273/Qualys-Security-Advisory-OpenSSH-OveThird Party AdvisoryVDB Entry
http://seclists.org/fulldisclosure/2016/Jan/44Mailing ListThird Party Advisory
http://www.debian.org/security/2016/dsa-3446Third Party Advisory

FAQ

What is CVE-2016-0777?

CVE-2016-0777 is a vulnerability with a CVSS score of 6.5 (MEDIUM). The resend_bytes function in roaming_common.c in the client in OpenSSH 5.x, 6.x, and 7.x before 7.1p2 allows remote servers to obtain sensitive information from process memory by requesting transmissi...

How severe is CVE-2016-0777?

CVE-2016-0777 has been rated MEDIUM with a CVSS base score of 6.5/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2016-0777?

Check the references section above for vendor advisories and patch information. Affected products include: Sophos Unified Threat Management Software, Sophos Unified Threat Management, Oracle Linux, Oracle Solaris, Openbsd Openssh.