Test ID:	1.3.6.1.4.1.25623.1.0.8103256
Category:	General
Title:	OpenSSH < 7.4 Multiple Vulnerabilities (Jan 2017) - Linux
Summary:	OpenSSH is prone to multiple vulnerabilities.
Description:	Summary: OpenSSH is prone to multiple vulnerabilities. Vulnerability Insight: Multiple flaws exist due to: - An 'authfile.c' script does not properly consider the effects of realloc on buffer contents. - The shared memory manager (associated with pre-authentication compression) does not ensure that a bounds check is enforced by all compilers. - The sshd in OpenSSH creates forwarded Unix-domain sockets as root, when privilege separation is not used. - An untrusted search path vulnerability in ssh-agent.c in ssh-agent. - NULL pointer dereference error due to an out-of-sequence NEWKEYS message. Vulnerability Impact: Successfully exploiting this issue allows local users to obtain sensitive private-key information, to gain privileges, conduct a senial-of-service condition and allows remote attackers to execute arbitrary local PKCS#11 modules. Affected Software/OS: OpenSSH versions before 7.4 on Linux. Solution: Update to version 7.4 or later. CVSS Score: 7.5 CVSS Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2016-10009 BugTraq ID: 94968 http://www.securityfocus.com/bid/94968 https://www.exploit-db.com/exploits/40963/ FreeBSD Security Advisory: FreeBSD-SA-17:01 https://security.FreeBSD.org/advisories/FreeBSD-SA-17:01.openssh.asc http://seclists.org/fulldisclosure/2023/Jul/31 http://packetstormsecurity.com/files/140261/OpenSSH-Arbitrary-Library-Loading.html http://packetstormsecurity.com/files/173661/OpenSSH-Forwarded-SSH-Agent-Remote-Code-Execution.html https://bugs.chromium.org/p/project-zero/issues/detail?id=1009 https://lists.debian.org/debian-lts-announce/2018/09/msg00010.html http://www.openwall.com/lists/oss-security/2016/12/19/2 http://www.openwall.com/lists/oss-security/2023/07/19/9 http://www.openwall.com/lists/oss-security/2023/07/20/1 RedHat Security Advisories: RHSA-2017:2029 https://access.redhat.com/errata/RHSA-2017:2029 http://www.securitytracker.com/id/1037490 https://usn.ubuntu.com/3538-1/ Common Vulnerability Exposure (CVE) ID: CVE-2016-10010 BugTraq ID: 94972 http://www.securityfocus.com/bid/94972 https://www.exploit-db.com/exploits/40962/ http://packetstormsecurity.com/files/140262/OpenSSH-Local-Privilege-Escalation.html https://bugs.chromium.org/p/project-zero/issues/detail?id=1010 Common Vulnerability Exposure (CVE) ID: CVE-2016-10011 BugTraq ID: 94977 http://www.securityfocus.com/bid/94977 Common Vulnerability Exposure (CVE) ID: CVE-2016-10012 BugTraq ID: 94975 http://www.securityfocus.com/bid/94975 Common Vulnerability Exposure (CVE) ID: CVE-2016-10708 BugTraq ID: 102780 http://www.securityfocus.com/bid/102780 http://blog.swiecki.net/2018/01/fuzzing-tcp-servers.html https://anongit.mindrot.org/openssh.git/commit/?id=28652bca29046f62c7045e933e6b931de1d16737 https://www.openssh.com/releasenotes.html https://lists.debian.org/debian-lts-announce/2018/01/msg00031.html https://usn.ubuntu.com/3809-1/
Copyright	Copyright (C) 2017 Greenbone AG

This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.