UBUNTU-CVE-2016-0777
See a problem?- Source
- https://ubuntu.com/security/notices/UBUNTU-CVE-2016-0777
- Import Source
- https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2016/UBUNTU-CVE-2016-0777.json
- JSON Data
- https://api.osv.dev/v1/vulns/UBUNTU-CVE-2016-0777
- Related
- Published
- 2016-01-14T17:00:00Z
- Modified
- 2016-01-14T17:00:00Z
- Severity
-
- 6.5 (Medium) CVSS_V3 - CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N CVSS Calculator
- Summary
- [none]
- Details
-
The resendbytes function in roamingcommon.c in the client in OpenSSH 5.x, 6.x, and 7.x before 7.1p2 allows remote servers to obtain sensitive information from process memory by requesting transmission of an entire buffer, as demonstrated by reading a private key.
- References
-
- https://ubuntu.com/security/CVE-2016-0777
- http://www.undeadly.org/cgi?action=article&sid=20160114142733
- http://article.gmane.org/gmane.comp.security.oss.general/18580
- https://ubuntu.com/security/notices/USN-2869-1
- https://wiki.ubuntu.com/SecurityTeam/KnowledgeBase/OpenSSHClientRoaming
- https://www.cve.org/CVERecord?id=CVE-2016-0777
Affected packages
Ubuntu:14.04:LTS / openssh
Package
- Name
- openssh
- Purl
- pkg:deb/ubuntu/openssh@1:6.6p1-2ubuntu2.4?arch=src?distro=trusty
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed1:6.6p1-2ubuntu2.4
Affected versions
1:6.*
1:6.2p2-6
1:6.2p2-6ubuntu1
1:6.4p1-1
1:6.4p1-2
1:6.5p1-1
1:6.5p1-2
1:6.5p1-3
1:6.5p1-4
1:6.5p1-6
1:6.6p1-1
1:6.6p1-2
1:6.6p1-2ubuntu1
1:6.6p1-2ubuntu2
1:6.6p1-2ubuntu2.2
1:6.6p1-2ubuntu2.3
Ecosystem specific
{
"availability": "No subscription required",
"ubuntu_priority": "high",
"binaries": [
{
"ssh-askpass-gnome": "1:6.6p1-2ubuntu2.4",
"ssh-askpass-gnome-dbgsym": "1:6.6p1-2ubuntu2.4",
"openssh-client-udeb-dbgsym": "1:6.6p1-2ubuntu2.4",
"openssh-client-udeb": "1:6.6p1-2ubuntu2.4",
"ssh-krb5": "1:6.6p1-2ubuntu2.4",
"openssh-server-udeb-dbgsym": "1:6.6p1-2ubuntu2.4",
"openssh-sftp-server": "1:6.6p1-2ubuntu2.4",
"openssh-sftp-server-dbgsym": "1:6.6p1-2ubuntu2.4",
"openssh-client": "1:6.6p1-2ubuntu2.4",
"openssh-server": "1:6.6p1-2ubuntu2.4",
"openssh-server-udeb": "1:6.6p1-2ubuntu2.4",
"openssh-server-dbgsym": "1:6.6p1-2ubuntu2.4",
"ssh": "1:6.6p1-2ubuntu2.4",
"openssh-client-dbgsym": "1:6.6p1-2ubuntu2.4"
}
]
}