CVE-2016-10009
- Source
- https://nvd.nist.gov/vuln/detail/CVE-2016-10009
- Import Source
- https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2016-10009.json
- JSON Data
- https://api.test.osv.dev/v1/vulns/CVE-2016-10009
- Downstream
- Related
- Published
- 2017-01-05T02:59:03Z
- Modified
- 2025-04-12T10:46:40Z
- Severity
-
- 7.3 (High) CVSS_V3 - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L CVSS Calculator
- Summary
- [none]
- Details
-
Untrusted search path vulnerability in ssh-agent.c in ssh-agent in OpenSSH before 7.4 allows remote attackers to execute arbitrary local PKCS#11 modules by leveraging control over a forwarded agent-socket.
- References
-
- http://www.openwall.com/lists/oss-security/2016/12/19/2
- https://access.redhat.com/errata/RHSA-2017:2029
- https://security.FreeBSD.org/advisories/FreeBSD-SA-17:01.openssh.asc
- https://security.netapp.com/advisory/ntap-20171130-0002/
- https://github.com/openbsd/src/commit/9476ce1dd37d3c3218d5640b74c34c65e5f4efe5
- http://packetstormsecurity.com/files/140261/OpenSSH-Arbitrary-Library-Loading.html
- http://packetstormsecurity.com/files/173661/OpenSSH-Forwarded-SSH-Agent-Remote-Code-Execution.html
- http://seclists.org/fulldisclosure/2023/Jul/31
- http://www.openwall.com/lists/oss-security/2023/07/19/9
- http://www.openwall.com/lists/oss-security/2023/07/20/1
- http://www.securityfocus.com/bid/94968
- http://www.securitytracker.com/id/1037490
- http://www.slackware.com/security/viewer.php?l=slackware-security&y=2016&m=slackware-security.647637
- https://bugs.chromium.org/p/project-zero/issues/detail?id=1009
- https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf
- https://lists.debian.org/debian-lts-announce/2018/09/msg00010.html
- https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbux03818en_us
- https://usn.ubuntu.com/3538-1/
- https://www.exploit-db.com/exploits/40963/
- https://www.openssh.com/txt/release-7.4
Affected packages
Git / github.com/openbsd/src
Affected ranges
- Type
- GIT
- Repo
- https://github.com/openbsd/src
- Events
-
Introduced0 Unknown introduced commit / All previous commits are affectedFixed
- Type
- GIT
- Repo
- https://github.com/openssh/openssh-portable
- Events
-
Introduced0 Unknown introduced commit / All previous commits are affected
Database specific
{
"vanir_signatures": [
{
"signature_version": "v1",
"digest": {
"length": 5276.0,
"function_hash": "54322556810749533856674203680550405300"
},
"id": "CVE-2016-10009-6e1bf1ba",
"deprecated": false,
"target": {
"file": "usr.bin/ssh/ssh-agent.c",
"function": "main"
},
"signature_type": "Function",
"source": "https://github.com/openbsd/src/commit/9476ce1dd37d3c3218d5640b74c34c65e5f4efe5"
},
{
"signature_version": "v1",
"digest": {
"length": 1620.0,
"function_hash": "184555741998832899293569114491144664366"
},
"id": "CVE-2016-10009-9aede9cd",
"deprecated": false,
"target": {
"file": "usr.bin/ssh/ssh-agent.c",
"function": "process_add_smartcard_key"
},
"signature_type": "Function",
"source": "https://github.com/openbsd/src/commit/9476ce1dd37d3c3218d5640b74c34c65e5f4efe5"
},
{
"signature_version": "v1",
"digest": {
"length": 248.0,
"function_hash": "168430173209846986160139292021779653609"
},
"id": "CVE-2016-10009-a44430d9",
"deprecated": false,
"target": {
"file": "usr.bin/ssh/ssh-agent.c",
"function": "usage"
},
"signature_type": "Function",
"source": "https://github.com/openbsd/src/commit/9476ce1dd37d3c3218d5640b74c34c65e5f4efe5"
},
{
"signature_version": "v1",
"digest": {
"threshold": 0.9,
"line_hashes": [
"142483365029668147691457446802921276205",
"250659224063928617215793942078706547538",
"186433263794914433655546570418640715506",
"145956066483205540825210961224514516665",
"205336514962396733962946238137086908057",
"308294402119300721808387440053904700120",
"229170636859438846261070092903996245548",
"133605912153722405171070541258834829263",
"298945563002082750975148888961149448936",
"18223243453012819806615890197908838889",
"92292952884314727365381090292952041489",
"250294875155092404905750109346889395714",
"303923036939542543422567147047301569345",
"165459416023956927317086797988258544570",
"194615421843460364635895814226128714084",
"14464617986697886313054505967818965353",
"123684310053238233503711894002495251236",
"207909760781518401665282819603546709059",
"78106355598291000459226506197302424160",
"106275913102308758012226899301898271087",
"242665360652111663045219209098025944356",
"139797183103614261312021618757273732659",
"182391827327216986141572706776590394273",
"111044574282543119978158872884833335479",
"288232552361581177306819966473921100645",
"297550672717688535026537946978165800386",
"107034572075901416288895530823586948123",
"100003948836048931810044988847738001910",
"106849634978805465190365600533325433236",
"101233567377053187735520598652020051794",
"335869512759701909861770044595716911071",
"328237990972000635419229533316714104257",
"259729757027794272826680827647026360446",
"85755012820083792425085775497825793503",
"124726711480376203878848898571313165213",
"98474810828369877792745208280358344886",
"98559506974840227351087186343261946048",
"167843081860392035951525998529388116105",
"268386579347951704159859878925413090012",
"51528988384784010480338758662223195005",
"169951084360471300534704882317258565364",
"321537092709250968834794765376342790241",
"300385835046007811152383045892687120525",
"320862203674190077317850581735226510658",
"51365043877139803052742965681721138317"
]
},
"id": "CVE-2016-10009-cbeaedac",
"deprecated": false,
"target": {
"file": "usr.bin/ssh/ssh-agent.c"
},
"signature_type": "Line",
"source": "https://github.com/openbsd/src/commit/9476ce1dd37d3c3218d5640b74c34c65e5f4efe5"
}
]
}