UBUNTU-CVE-2016-0778
See a problem?- Source
- https://ubuntu.com/security/notices/UBUNTU-CVE-2016-0778
- Import Source
- https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2016/UBUNTU-CVE-2016-0778.json
- JSON Data
- https://api.osv.dev/v1/vulns/UBUNTU-CVE-2016-0778
- Related
- Published
- 2016-01-14T17:00:00Z
- Modified
- 2016-01-14T17:00:00Z
- Severity
-
- 8.1 (High) CVSS_V3 - CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H CVSS Calculator
- Summary
- [none]
- Details
-
The (1) roamingread and (2) roamingwrite functions in roaming_common.c in the client in OpenSSH 5.x, 6.x, and 7.x before 7.1p2, when certain proxy and forward options are enabled, do not properly maintain connection file descriptors, which allows remote servers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact by requesting many forwardings.
- References
-
- https://ubuntu.com/security/CVE-2016-0778
- http://www.undeadly.org/cgi?action=article&sid=20160114142733
- http://article.gmane.org/gmane.comp.security.oss.general/18580
- https://ubuntu.com/security/notices/USN-2869-1
- https://wiki.ubuntu.com/SecurityTeam/KnowledgeBase/OpenSSHClientRoaming
- https://www.cve.org/CVERecord?id=CVE-2016-0778
Affected packages
Ubuntu:14.04:LTS / openssh
Package
- Name
- openssh
- Purl
- pkg:deb/ubuntu/openssh@1:6.6p1-2ubuntu2.4?arch=src?distro=trusty
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed1:6.6p1-2ubuntu2.4
Affected versions
1:6.*
1:6.2p2-6
1:6.2p2-6ubuntu1
1:6.4p1-1
1:6.4p1-2
1:6.5p1-1
1:6.5p1-2
1:6.5p1-3
1:6.5p1-4
1:6.5p1-6
1:6.6p1-1
1:6.6p1-2
1:6.6p1-2ubuntu1
1:6.6p1-2ubuntu2
1:6.6p1-2ubuntu2.2
1:6.6p1-2ubuntu2.3
Ecosystem specific
{
"availability": "No subscription required",
"ubuntu_priority": "medium",
"binaries": [
{
"ssh-askpass-gnome": "1:6.6p1-2ubuntu2.4",
"ssh-askpass-gnome-dbgsym": "1:6.6p1-2ubuntu2.4",
"openssh-client-udeb-dbgsym": "1:6.6p1-2ubuntu2.4",
"openssh-client-udeb": "1:6.6p1-2ubuntu2.4",
"ssh-krb5": "1:6.6p1-2ubuntu2.4",
"openssh-server-udeb-dbgsym": "1:6.6p1-2ubuntu2.4",
"openssh-sftp-server": "1:6.6p1-2ubuntu2.4",
"openssh-sftp-server-dbgsym": "1:6.6p1-2ubuntu2.4",
"openssh-client": "1:6.6p1-2ubuntu2.4",
"openssh-server": "1:6.6p1-2ubuntu2.4",
"openssh-server-udeb": "1:6.6p1-2ubuntu2.4",
"openssh-server-dbgsym": "1:6.6p1-2ubuntu2.4",
"ssh": "1:6.6p1-2ubuntu2.4",
"openssh-client-dbgsym": "1:6.6p1-2ubuntu2.4"
}
]
}