Vulnerability Description
Untrusted search path vulnerability in ssh-agent.c in ssh-agent in OpenSSH before 7.4 allows remote attackers to execute arbitrary local PKCS#11 modules by leveraging control over a forwarded agent-socket.
CVSS Score
7.3
HIGH
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Openbsd | Openssh | <= 7.3 |
Related Weaknesses (CWE)
References
- http://packetstormsecurity.com/files/140261/OpenSSH-Arbitrary-Library-Loading.ht
- http://packetstormsecurity.com/files/173661/OpenSSH-Forwarded-SSH-Agent-Remote-C
- http://seclists.org/fulldisclosure/2023/Jul/31
- http://www.openwall.com/lists/oss-security/2016/12/19/2Mailing ListRelease Notes
- http://www.openwall.com/lists/oss-security/2023/07/19/9
- http://www.openwall.com/lists/oss-security/2023/07/20/1
- http://www.securityfocus.com/bid/94968
- http://www.securitytracker.com/id/1037490
- http://www.slackware.com/security/viewer.php?l=slackware-security&y=2016&m=slack
- https://access.redhat.com/errata/RHSA-2017:2029
- https://bugs.chromium.org/p/project-zero/issues/detail?id=1009
- https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf
- https://github.com/openbsd/src/commit/9476ce1dd37d3c3218d5640b74c34c65e5f4efe5Patch
- https://lists.debian.org/debian-lts-announce/2018/09/msg00010.html
- https://security.FreeBSD.org/advisories/FreeBSD-SA-17:01.openssh.asc
FAQ
What is CVE-2016-10009?
CVE-2016-10009 is a vulnerability with a CVSS score of 7.3 (HIGH). Untrusted search path vulnerability in ssh-agent.c in ssh-agent in OpenSSH before 7.4 allows remote attackers to execute arbitrary local PKCS#11 modules by leveraging control over a forwarded agent-so...
How severe is CVE-2016-10009?
CVE-2016-10009 has been rated HIGH with a CVSS base score of 7.3/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2016-10009?
Check the references section above for vendor advisories and patch information. Affected products include: Openbsd Openssh.