Description The resend_bytes function in roaming_common.c in the client in OpenSSH 5.x, 6.x, and 7.x before 7.1p2 allows remote servers to obtain sensitive information from process memory by requesting transmission of an entire buffer, as demonstrated by reading a private key.
CVSS vector CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N Exploitability: 2.8 | Impact: 3.6 Attack Vector: Network
Complexity: Low
Privileges: Low
User Interaction: None
Scope: Unchanged
Confidentiality: High
Integrity: None
Availability: None
Affected Packages8 packages Show 3 more packages
🔴 Vulnerability Details3 GHSA GHSA-9h73-2pqx-3jh8: The resend_bytes function in roaming_common ↗ 2022-05-13 ▶ CVEList CVE-2016-0777: The resend_bytes function in roaming_common ↗ 2016-01-14 ▶ OSV CVE-2016-0777: The resend_bytes function in roaming_common ↗ 2016-01-14 ▶
🔍 Detection Rules2 Suricata ET EXPLOIT Possible CVE-2016-0777 Server Advertises Suspicious Roaming Support ↗ 2016-01-15 ▶ Suricata ET EXPLOIT Possible CVE-2016-0777 Client Sent Roaming Resume Request ↗ 2016-01-15 ▶
📋 Vendor Advisories7 Red Hat guile: Thread-unsafe umask modification ↗ 2016-10-10 ▶ Palo Alto PAN-SA-2016-0011 OpenSSH vulnerabilities ↗ 2016-07-12 ▶ Red Hat OpenSSH: Client Information leak due to use of roaming connection feature ↗ 2016-01-14 ▶ Ubuntu OpenSSH vulnerabilities ↗ 2016-01-14 ▶ BSD FreeBSD-SA-16:07.openssh: OpenSSH client information leak ↗ 2016-01-14 ▶ Show 2 more
💬 Community5 Bugzilla CVE-2016-8605 guile: Thread-unsafe umask modification ↗ 2016-10-12 ▶ Bugzilla CVE-2016-0777 CVE-2016-0778 gsi-openssh: various flaws [epel-7] ↗ 2016-01-15 ▶ Bugzilla CVE-2016-0777 CVE-2016-0778 gsi-openssh: various flaws [fedora-all] ↗ 2016-01-15 ▶ Bugzilla CVE-2016-0777 OpenSSH: Client Information leak due to use of roaming connection feature [fedora-all] ↗ 2016-01-14 ▶ Bugzilla CVE-2016-0777 OpenSSH: Client Information leak due to use of roaming connection feature ↗ 2016-01-13 ▶