Vulnerability Details : CVE-2016-10010
sshd in OpenSSH before 7.4, when privilege separation is not used, creates forwarded Unix-domain sockets as root, which might allow local users to gain privileges via unspecified vectors, related to serverloop.c.
Threat overview for CVE-2016-10010
Top countries where our scanners detected CVE-2016-10010
Top open port discovered on systems with this issue
22
IPs affected by CVE-2016-10010 2,489,754
Threat actors abusing to this issue?
Yes
Find out if you* are
affected by CVE-2016-10010!
*Directly or indirectly through your vendors, service providers and 3rd parties.
Powered by
attack surface intelligence
from SecurityScorecard.
Exploit prediction scoring system (EPSS) score for CVE-2016-10010
Probability of exploitation activity in the next 30 days: 0.04%
Percentile, the proportion of vulnerabilities that are scored at or less: ~ % EPSS Score History EPSS FAQ
CVSS scores for CVE-2016-10010
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source |
---|---|---|---|---|---|
6.9
|
MEDIUM | AV:L/AC:M/Au:N/C:C/I:C/A:C |
3.4
|
10.0
|
NIST |
7.0
|
HIGH | CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H |
1.0
|
5.9
|
NIST |
CWE ids for CVE-2016-10010
-
Assigned by: nvd@nist.gov (Primary)
References for CVE-2016-10010
-
http://www.slackware.com/security/viewer.php?l=slackware-security&y=2016&m=slackware-security.647637
The Slackware Linux Project: Slackware Security Advisories
-
http://www.securityfocus.com/bid/94972
OpenSSH CVE-2016-10010 Privilege Escalation Vulnerability
-
https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbux03818en_us
HPESBUX03818 rev.2 - HP-UX Secure Shell, Multiple Remote Vulnerabilities
-
https://bugs.chromium.org/p/project-zero/issues/detail?id=1010
1010 - OpenSSH: LPE via forwarded unix domain sockets if privsep is disabled - project-zero - Monorail
-
http://www.securitytracker.com/id/1037490
OpenSSH Multiple Flaws Let Remote Authenticated Users Gain Elevated Privileges and Local Privileged Users Obtain Host Private Keys - SecurityTracker
-
http://packetstormsecurity.com/files/140262/OpenSSH-Local-Privilege-Escalation.html
OpenSSH Local Privilege Escalation ≈ Packet Storm
-
https://security.netapp.com/advisory/ntap-20171130-0002/
January 2017 OpenSSH Vulnerabilities in NetApp Products | NetApp Product Security
-
https://www.exploit-db.com/exploits/40962/
OpenSSH < 7.4 - 'UsePrivilegeSeparation Disabled' Forwarded Unix Domain Sockets Privilege Escalation
- https://security.FreeBSD.org/advisories/FreeBSD-SA-17:01.openssh.asc
- https://www.openssh.com/txt/release-7.4
- https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf
-
https://github.com/openbsd/src/commit/c76fac666ea038753294f2ac94d310f8adece9ce
disable Unix-domain socket forwarding when privsep is disabled · openbsd/src@c76fac6 · GitHubPatch
-
http://www.openwall.com/lists/oss-security/2016/12/19/2
oss-security - Announce: OpenSSH 7.4 releasedMailing List;Release Notes
Products affected by CVE-2016-10010
- cpe:2.3:a:openbsd:openssh:*:*:*:*:*:*:*:*