exploitDog

CVE-2016-10009

Published: 19 Dec 2016
Source: redhat
CVSS3: 6.6
CVSS2: 4.6

Description

Untrusted search path vulnerability in ssh-agent.c in ssh-agent in OpenSSH before 7.4 allows remote attackers to execute arbitrary local PKCS#11 modules by leveraging control over a forwarded agent-socket.

It was found that ssh-agent could load PKCS#11 modules from arbitrary paths. An attacker having control of the forwarded agent-socket on the server, and the ability to write to the filesystem of the client host, could use this flaw to execute arbitrary code with the privileges of the user running ssh-agent.

Report

In order to exploit this flaw, the attacker needs to have control of the forwarded agent-socket and the ability to write to the filesystem of the host running ssh-agent. Because of this restriction for successful exploitation, this issue has been rated as having Moderate security impact. A future update may address this flaw.

Affected packages

| Platform | Package | State | Advisory | Release |
|---|---|---|---|---|
| Red Hat Enterprise Linux 4 | openssh | Will not fix | | |
| Red Hat Enterprise Linux 5 | openssh | Will not fix | | |
| Red Hat Enterprise Linux 6 | openssh | Will not fix | | |
| Red Hat Enterprise Linux 7 | openssh | Fixed | RHSA-2017:2029 | 01.08.2017 |

Additional information

Status:

Moderate
https://bugzilla.redhat.com/show_bug.cgi?id=1406269 openssh: loading of untrusted PKCS#11 modules in ssh-agent

6.6 Medium

CVSS3

4.6 Medium

CVSS2

Related vulnerabilities

CVSS3: 7.3
ubuntu
more than 8 years ago

Untrusted search path vulnerability in ssh-agent.c in ssh-agent in OpenSSH before 7.4 allows remote attackers to execute arbitrary local PKCS#11 modules by leveraging control over a forwarded agent-socket.

CVSS3: 7.3
nvd
more than 8 years ago

Untrusted search path vulnerability in ssh-agent.c in ssh-agent in OpenSSH before 7.4 allows remote attackers to execute arbitrary local PKCS#11 modules by leveraging control over a forwarded agent-socket.

CVSS3: 7.3
debian
more than 8 years ago

Untrusted search path vulnerability in ssh-agent.c in ssh-agent in Ope ...

CVSS3: 7.3
github
about 3 years ago

Untrusted search path vulnerability in ssh-agent.c in ssh-agent in OpenSSH before 7.4 allows remote attackers to execute arbitrary local PKCS#11 modules by leveraging control over a forwarded agent-socket.

CVSS3: 7.3
fstec
more than 8 years ago

Vulnerability in the ssh-agent agent of the OpenSSH cryptographic protection tool that allows an attacker to execute arbitrary code
