CVE-2016-10011

Published: 19 Dec 2016
Source: redhat
CVSS3: 2.5
CVSS2: 1
EPSS: Low

Description

authfile.c in sshd in OpenSSH before 7.4 does not properly consider the effects of realloc on buffer contents, which might allow local users to obtain sensitive private-key information by leveraging access to a privilege-separated child process.

It was found that the host private key material could possibly leak to the privilege-separated child processes via re-allocated memory. An attacker able to compromise the privilege-separated process could therefore obtain the leaked key information.

Report

It seems that this flaw is not practically exploitable; the leak of host private key material to the privilege-separated child processes is theoretical. No such leak was observed in practice for normal-sized keys, nor does a leak to the child processes directly expose key material to unprivileged users. Because of this restriction for successful exploitation, this issue has been rated as having Low security impact. A future update may address this flaw.

Affected packages

| Platform | Package | State | Recommendation | Release |
| --- | --- | --- | --- | --- |
| Red Hat Enterprise Linux 4 | openssh | Will not fix | | |
| Red Hat Enterprise Linux 5 | openssh | Will not fix | | |
| Red Hat Enterprise Linux 6 | openssh | Fix deferred | | |
| Red Hat Enterprise Linux 7 | openssh | Fixed | RHSA-2017:2029 | 01.08.2017 |

Additional information

Status: Low
Defect: CWE-200
https://bugzilla.redhat.com/show_bug.cgi?id=1406286 openssh: Leak of host private key material to privilege-separated child process via realloc()

EPSS: 0.00017 (Low), percentile: 2%
CVSS3: 2.5 Low
CVSS2: 1 Low

Related vulnerabilities

CVSS3: 5.5
ubuntu
more than 8 years ago

authfile.c in sshd in OpenSSH before 7.4 does not properly consider the effects of realloc on buffer contents, which might allow local users to obtain sensitive private-key information by leveraging access to a privilege-separated child process.

CVSS3: 5.5
nvd
more than 8 years ago

authfile.c in sshd in OpenSSH before 7.4 does not properly consider the effects of realloc on buffer contents, which might allow local users to obtain sensitive private-key information by leveraging access to a privilege-separated child process.

CVSS3: 5.5
debian
more than 8 years ago

authfile.c in sshd in OpenSSH before 7.4 does not properly consider th ...

CVSS3: 5.5
github
about 3 years ago

authfile.c in sshd in OpenSSH before 7.4 does not properly consider the effects of realloc on buffer contents, which might allow local users to obtain sensitive private-key information by leveraging access to a privilege-separated child process.

CVSS3: 5.5
fstec
more than 8 years ago

Vulnerability in the authfile.c component of the sshd service of the OpenSSH cryptographic protection tool, allowing an attacker to gain unauthorized access to protected information