Vulnerability Details : CVE-2016-0777
The resend_bytes function in roaming_common.c in the client in OpenSSH 5.x, 6.x, and 7.x before 7.1p2 allows remote servers to obtain sensitive information from process memory by requesting transmission of an entire buffer, as demonstrated by reading a private key.
Vulnerability category: Information leak
Threat overview for CVE-2016-0777
Top countries where our scanners detected CVE-2016-0777
Top open port discovered on systems with this issue
22
IPs affected by CVE-2016-0777 2,524,775
Threat actors abusing to this issue?
Yes
Find out if you* are
affected by CVE-2016-0777!
*Directly or indirectly through your vendors, service providers and 3rd parties.
Powered by
attack surface intelligence
from SecurityScorecard.
Exploit prediction scoring system (EPSS) score for CVE-2016-0777
Probability of exploitation activity in the next 30 days: 0.24%
Percentile, the proportion of vulnerabilities that are scored at or less: ~ 61 % EPSS Score History EPSS FAQ
CVSS scores for CVE-2016-0777
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source |
---|---|---|---|---|---|
4.0
|
MEDIUM | AV:N/AC:L/Au:S/C:P/I:N/A:N |
8.0
|
2.9
|
NIST |
6.5
|
MEDIUM | CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N |
2.8
|
3.6
|
NIST |
CWE ids for CVE-2016-0777
-
The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.Assigned by: nvd@nist.gov (Primary)
References for CVE-2016-0777
-
https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05385680
HPSBMU03692 rev.1 - HPE Matrix Operating Environment, Multiple Remote VulnerabilitiesThird Party Advisory
-
https://bto.bluecoat.com/security-advisory/sa109
SA109 : Multiple OpenSSH Vulnerabilities (January 2016)Third Party Advisory
-
https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05390722
HPSBMU03691 rev.1 - HPE Insight Control, Multiple Remote VulnerabilitiesThird Party Advisory
-
https://security.gentoo.org/glsa/201601-01
OpenSSH: Multiple vulnerabilities (GLSA 201601-01) — Gentoo securityThird Party Advisory
-
http://www.openwall.com/lists/oss-security/2016/01/14/7
oss-security - Qualys Security Advisory - Roaming through the OpenSSH client: CVE-2016-0777 and CVE-2016-0778Mailing List;Third Party Advisory
-
http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10734
Juniper Networks - 2016-04 Security Bulletin: Junos: OpenSSH Client Information Leak and Buffer Overflow in roaming support (CVE-2016-0777, CVE-2016-0778)Third Party Advisory
-
http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00007.html
[security-announce] SUSE-SU-2016:0118-1: critical: Security update for oMailing List;Third Party Advisory
-
https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05356388
HPSBMU03668 rev.1 - HPE Systems Insight Manager using OpenSSL, Multiple Remote VulnerabilitiesThird Party Advisory
-
https://security.FreeBSD.org/advisories/FreeBSD-SA-16:07.openssh.asc
Third Party Advisory
-
http://www.debian.org/security/2016/dsa-3446
Debian -- Security Information -- DSA-3446-1 opensshThird Party Advisory
-
http://lists.fedoraproject.org/pipermail/package-announce/2016-January/175592.html
[SECURITY] Fedora 23 Update: openssh-7.1p2-1.fc23Mailing List;Third Party Advisory
-
http://packetstormsecurity.com/files/135273/Qualys-Security-Advisory-OpenSSH-Overflow-Leak.html
Qualys Security Advisory - OpenSSH Overflow / Leak ≈ Packet StormThird Party Advisory;VDB Entry
-
http://www.securityfocus.com/bid/80695
OpenSSH CVE-2016-0777 Information Disclosure VulnerabilityVDB Entry;Third Party Advisory
-
http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html
Oracle Solaris Third Party Bulletin - October 2015Third Party Advisory
-
http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00013.html
[security-announce] openSUSE-SU-2016:0127-1: critical: Security update fMailing List;Third Party Advisory
-
https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05247375
HPSBGN03638 rev.1 - HPE Remote Device Access: Virtual Customer Access System (vCAS) using lighttpd and OpenSSH, Unauthorized Modification of Information, Remote Denial of Service (DoS), Remote DisclosThird Party Advisory
-
http://lists.fedoraproject.org/pipermail/package-announce/2016-January/175676.html
[SECURITY] Fedora 22 Update: openssh-6.9p1-10.fc22Mailing List;Third Party Advisory
-
http://lists.fedoraproject.org/pipermail/package-announce/2016-January/176349.html
[SECURITY] Fedora 23 Update: gsi-openssh-7.1p2-1.fc23Mailing List;Third Party Advisory
-
https://support.apple.com/HT206167
About the security content of OS X El Capitan v10.11.4 and Security Update 2016-002 - Apple SupportThird Party Advisory
-
http://www.ubuntu.com/usn/USN-2869-1
USN-2869-1: OpenSSH vulnerabilities | Ubuntu security noticesThird Party Advisory
-
http://www.openssh.com/txt/release-7.1p2
Vendor Advisory
-
http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00006.html
[security-announce] SUSE-SU-2016:0117-1: critical: Security update for oMailing List;Third Party Advisory
-
http://www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.html
Oracle Linux Bulletin - January 2016Third Party Advisory
-
http://lists.fedoraproject.org/pipermail/package-announce/2016-February/176516.html
[SECURITY] Fedora 22 Update: gsi-openssh-6.9p1-7.fc22Mailing List;Third Party Advisory
-
http://seclists.org/fulldisclosure/2016/Jan/44
Full Disclosure: Qualys Security Advisory - Roaming through the OpenSSH client: CVE-2016-0777 and CVE-2016-0778Mailing List;Third Party Advisory
-
http://www.securityfocus.com/archive/1/537295/100/0/threaded
SecurityFocusThird Party Advisory;VDB Entry
-
https://blogs.sophos.com/2016/02/17/utm-up2date-9-354-released/
UTM Up2Date 9.354 released – Sophos NewsThird Party Advisory
-
http://lists.apple.com/archives/security-announce/2016/Mar/msg00004.html
Apple - Lists.apple.comMailing List;Third Party Advisory
-
http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00009.html
[security-announce] SUSE-SU-2016:0120-1: critical: Security update for oMailing List;Third Party Advisory
-
http://www.securitytracker.com/id/1034671
OpenSSH Flaws Let Remote Authenticated Users Obtain Potentially Sensitive Information From Client Memory - SecurityTrackerThird Party Advisory;VDB Entry
- https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf
-
https://blogs.sophos.com/2016/02/29/utm-up2date-9-319-released/
UTM Up2Date 9.319 released – Sophos NewsThird Party Advisory
-
http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00008.html
[security-announce] SUSE-SU-2016:0119-1: critical: Security update for oMailing List;Third Party Advisory
-
http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00014.html
[security-announce] openSUSE-SU-2016:0128-1: critical: Security update fMailing List;Third Party Advisory
Products affected by CVE-2016-0777
- cpe:2.3:a:hp:remote_device_access_virtual_customer_access_system:*:*:*:*:*:*:*:*
- cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*
- cpe:2.3:o:oracle:solaris:11.3:*:*:*:*:*:*:*
- cpe:2.3:o:oracle:linux:7:*:*:*:*:*:*:*
- cpe:2.3:a:openbsd:openssh:5.2:*:*:*:*:*:*:*
- cpe:2.3:a:openbsd:openssh:5.1:*:*:*:*:*:*:*
- cpe:2.3:a:openbsd:openssh:5.4:*:*:*:*:*:*:*
- cpe:2.3:a:openbsd:openssh:5.3:*:*:*:*:*:*:*
- cpe:2.3:a:openbsd:openssh:5.5:*:*:*:*:*:*:*
- cpe:2.3:a:openbsd:openssh:5.0:*:*:*:*:*:*:*
- cpe:2.3:a:openbsd:openssh:5.7:*:*:*:*:*:*:*
- cpe:2.3:a:openbsd:openssh:5.6:*:*:*:*:*:*:*
- cpe:2.3:a:openbsd:openssh:6.0:*:*:*:*:*:*:*
- cpe:2.3:a:openbsd:openssh:5.8:*:*:*:*:*:*:*
- cpe:2.3:a:openbsd:openssh:5.9:*:*:*:*:*:*:*
- cpe:2.3:a:openbsd:openssh:6.3:*:*:*:*:*:*:*
- cpe:2.3:a:openbsd:openssh:6.2:*:*:*:*:*:*:*
- cpe:2.3:a:openbsd:openssh:6.4:*:*:*:*:*:*:*
- cpe:2.3:a:openbsd:openssh:6.5:*:*:*:*:*:*:*
- cpe:2.3:a:openbsd:openssh:6.1:*:*:*:*:*:*:*
- cpe:2.3:a:openbsd:openssh:6.8:*:*:*:*:*:*:*
- cpe:2.3:a:openbsd:openssh:6.9:*:*:*:*:*:*:*
- cpe:2.3:a:openbsd:openssh:5.7:p1:*:*:*:*:*:*
- cpe:2.3:a:openbsd:openssh:5.6:p1:*:*:*:*:*:*
- cpe:2.3:a:openbsd:openssh:6.3:p1:*:*:*:*:*:*
- cpe:2.3:a:openbsd:openssh:6.4:p1:*:*:*:*:*:*
- cpe:2.3:a:openbsd:openssh:7.1:p1:*:*:*:*:*:*
- cpe:2.3:a:openbsd:openssh:5.5:p1:*:*:*:*:*:*
- cpe:2.3:a:openbsd:openssh:5.4:p1:*:*:*:*:*:*
- cpe:2.3:a:openbsd:openssh:6.5:p1:*:*:*:*:*:*
- cpe:2.3:a:openbsd:openssh:6.6:*:*:*:*:*:*:*
- cpe:2.3:a:openbsd:openssh:6.6:p1:*:*:*:*:*:*
- cpe:2.3:a:openbsd:openssh:6.7:*:*:*:*:*:*:*
- cpe:2.3:a:openbsd:openssh:5.9:p1:*:*:*:*:*:*
- cpe:2.3:a:openbsd:openssh:5.8:p1:*:*:*:*:*:*
- cpe:2.3:a:openbsd:openssh:6.1:p1:*:*:*:*:*:*
- cpe:2.3:a:openbsd:openssh:6.2:p1:*:*:*:*:*:*
- cpe:2.3:a:openbsd:openssh:6.2:p2:*:*:*:*:*:*
- cpe:2.3:a:openbsd:openssh:6.9:p1:*:*:*:*:*:*
- cpe:2.3:a:openbsd:openssh:7.0:p1:*:*:*:*:*:*
- cpe:2.3:a:openbsd:openssh:7.0:*:*:*:*:*:*:*
- cpe:2.3:a:openbsd:openssh:7.1:*:*:*:*:*:*:*
- cpe:2.3:a:openbsd:openssh:6.0:p1:*:*:*:*:*:*
- cpe:2.3:a:openbsd:openssh:6.7:p1:*:*:*:*:*:*
- cpe:2.3:a:openbsd:openssh:6.8:p1:*:*:*:*:*:*
- cpe:2.3:a:openbsd:openssh:5.0:p1:*:*:*:*:*:*
- cpe:2.3:a:openbsd:openssh:5.3:p1:*:*:*:*:*:*
- cpe:2.3:a:openbsd:openssh:5.2:p1:*:*:*:*:*:*
- cpe:2.3:a:openbsd:openssh:5.1:p1:*:*:*:*:*:*
- cpe:2.3:a:sophos:unified_threat_management_software:9.353:*:*:*:*:*:*:*
- cpe:2.3:a:sophos:unified_threat_management_software:9.318:*:*:*:*:*:*:*