CVE-2016-10011

Description

authfile.c in sshd in OpenSSH before 7.4 does not properly consider the effects of realloc on buffer contents, which might allow local users to obtain sensitive private-key information by leveraging access to a privilege-separated child process.

CVSS Metrics

• v3.1•MEDIUM•Score: 6.2CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
• v3.0•MEDIUM•Score: 5.5CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
• v2.0•LOW•Score: 2.1AV:L/AC:L/Au:N/C:P/I:N/A:N

EPSS Trends

Current EPSS score: 0.01%• Percentile: 3%

Techniques & Countermeasures

• CWE-320•Key Management Errors

  Weaknesses in this category are related to errors in the management of cryptographic keys.

• CWE-119•Improper Restriction of Operations within the Bounds of a Memory Buffer

  The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data.

Affected Systems

• openbsd•openssh

  ≤ 7.3

References (12)

• https://security.netapp.com/advisory/ntap-20171130-0002/
• http://www.openwall.com/lists/oss-security/2016/12/19/2
• http://www.securitytracker.com/id/1037490
• https://github.com/openbsd/src/commit/ac8147a06ed2e2403fb6b9a0c03e618a9333c0e9
• https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbux03818en_us
• http://www.slackware.com/security/viewer.php?l=slackware-security&y=2016&m=slackware-security.647637
• https://access.redhat.com/errata/RHSA-2017:2029
• https://lists.debian.org/debian-lts-announce/2018/09/msg00010.html
• http://www.securityfocus.com/bid/94977
• https://www.openssh.com/txt/release-7.4
• https://cert-portal.siemens.com/productcert/pdf/ssa-676336.pdf
• https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf