CVE-2016-10009
published 2017-01-05CVE-2016-10009: Untrusted search path vulnerability in ssh-agent.c in ssh-agent in OpenSSH before 7.4 allows remote attackers to execute arbitrary local PKCS#11 modules by…
PriorityP266high7.3CVSS 3.1
AVNACLPRNUINSUCLILAL
EXPLOIT
EPSS
37.43%
98.3th percentile
Untrusted search path vulnerability in ssh-agent.c in ssh-agent in OpenSSH before 7.4 allows remote attackers to execute arbitrary local PKCS#11 modules by leveraging control over a forwarded agent-socket.
Affected
21 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| apple | macos_sierra_10.12.4_security_update_2017-001_el_capitan_and_security_update_201 | — | — |
| debian | openssh | < openssh 1:9.2p1-2+deb12u1 (bookworm) | openssh 1:9.2p1-2+deb12u1 (bookworm) |
| debian | openssh | < openssh 1:7.4p1-1 (bookworm) | openssh 1:7.4p1-1 (bookworm) |
| fedoraproject | fedora | — | — |
| fedoraproject | fedora | — | — |
| msrc | cbl2_openssh_8.9p1-1_on_cbl_mariner_2.0 | — | — |
| msrc | cm1_openssh_8.9p1-3_on_cbl_mariner_1.0 | — | — |
| openbsd | openssh | < 9.3 | 9.3 |
| openbsd | openssh | <= 7.3 | — |
| openbsd | openssh | — | — |
| openbsd | openssh | >= 0 < 1:7.4p1-1 | 1:7.4p1-1 |
| openbsd | openssh | >= 0 < 1:8.4p1-5+deb11u2 | 1:8.4p1-5+deb11u2 |
| openbsd | openssh | >= 0 < 1:7.4p1-1 | 1:7.4p1-1 |
| openbsd | openssh | >= 0 < 1:9.2p1-2+deb12u1 | 1:9.2p1-2+deb12u1 |
| openbsd | openssh | >= 0 < 1:7.4p1-1 | 1:7.4p1-1 |
| openbsd | openssh | >= 0 < 1:9.3p2-1 | 1:9.3p2-1 |
| openbsd | openssh | >= 0 < 1:7.4p1-1 | 1:7.4p1-1 |
| openbsd | openssh | >= 0 < 1:9.3p2-1 | 1:9.3p2-1 |
| openbsd | openssh | >= 0 < 1:6.6p1-2ubuntu2.10 | 1:6.6p1-2ubuntu2.10 |
| openbsd | openssh | >= 0 < 1:7.2p2-4ubuntu2.4 | 1:7.2p2-4ubuntu2.4 |
| paloalto | pan-os | — | — |
Detection & IOCsextracted from sources · hover to see the quote
- →Monitor for ssh-agent processes loading shared libraries (.so files) from non-standard or user-writable paths via dlopen(), as the vulnerable code path passes attacker-controlled provider names directly to dlopen() without path validation. ↗
- →Detect use of 'ssh -A' (agent forwarding) combined with connections to untrusted or external SSH servers, which is the prerequisite attack vector for this vulnerability. ↗
- →Audit SSH client configuration files and invocations for 'ForwardAgent' directive or '-A' argument to identify hosts where agent forwarding is enabled, as this is required for exploitation. ↗
- →Monitor for SSH_AGENT_FAILURE responses following ssh-add -s calls with arbitrary .so paths, which may indicate an attempted or successful PKCS#11 module injection. ↗
- ·Agent forwarding is disabled by default; exploitation requires the user to have explicitly enabled it via 'ForwardAgent yes' or the '-A' flag. Environments where agent forwarding is not used are not exposed. ↗
- ·Exploitation also requires the attacker to have the ability to write a malicious shared library to the victim's filesystem, in addition to controlling the forwarded agent-socket. ↗
- ·Exploitation can be prevented by starting ssh-agent with an empty PKCS#11/FIDO allowlist or a restrictive one, regardless of patching status. ↗
- ·The original fix for CVE-2016-10009 was incomplete; CVE-2023-38408 represents the same class of vulnerability persisting in OpenSSH before 9.3p2, including unsafe loading from /usr/lib. ↗
CVSS provenance
nvdv3.17.3HIGHCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
nvdv3.07.3HIGHCVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
nvdv2.07.5HIGHAV:N/AC:L/Au:N/C:P/I:P/A:P
osv7.3HIGH
vulncheck7.3HIGH
vendor_msrc9.8CRITICAL
vendor_debian7.3LOW
vendor_redhat7.3HIGH
vendor_ubuntu7.3HIGH
CVEs like this are exactly what “Exploited This Week” covers.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
VulDB
OpenSSH up to 7.3 Forwarded Agent Channel untrusted search path (EDB-40963 / Nessus ID 96411)
vuldb·2026-05-30·CVSS 7.3
CVE-2016-10009 [HIGH] OpenSSH up to 7.3 Forwarded Agent Channel untrusted search path (EDB-40963 / Nessus ID 96411)
A vulnerability categorized as critical has been discovered in OpenSSH up to 7.3. The affected element is an unknown function of the component Forwarded Agent Channel Handler. Executing a manipulation can lead to untrusted search path.
This vulnerability is handled as CVE-2016-10009. The attack can be executed remotely. Additionally, an exploit exists.
It is advisable to upgrade the affected component.
VulDB
OpenSSH up to 7.3 Access Control privileges management (EDB-40963 / Nessus ID 239984)
vuldb·2026-05-30·CVSS 7.3
CVE-2016-10009 [HIGH] OpenSSH up to 7.3 Access Control privileges management (EDB-40963 / Nessus ID 239984)
A vulnerability described as critical has been identified in OpenSSH up to 7.3. Affected is an unknown function of the component Access Control. Such manipulation leads to improper privilege management.
This vulnerability is referenced as CVE-2016-10009. It is possible to launch the attack remotely. Furthermore, an exploit is available.
Upgrading the affected component is recommended.
VulDB
Apple macOS up to 10.12.3 OpenSSH untrusted search path (HT207615 / EDB-40963)
vuldb·2026-05-30·CVSS 7.3
CVE-2016-10009 [HIGH] Apple macOS up to 10.12.3 OpenSSH untrusted search path (HT207615 / EDB-40963)
A vulnerability, which was classified as critical, was found in Apple macOS up to 10.12.3. Affected by this issue is some unknown functionality of the component OpenSSH. Such manipulation leads to untrusted search path.
This vulnerability is referenced as CVE-2016-10009. It is possible to launch the attack remotely. Furthermore, an exploit is available.
You should upgrade the affected component.
OSV
CVE-2023-38408: The PKCS#11 feature in ssh-agent in OpenSSH before 9
osv·2023-07-20·CVSS 7.3
CVE-2023-38408 [HIGH] CVE-2023-38408: The PKCS#11 feature in ssh-agent in OpenSSH before 9
The PKCS#11 feature in ssh-agent in OpenSSH before 9.3p2 has an insufficiently trustworthy search path, leading to remote code execution if an agent is forwarded to an attacker-controlled system. (Code in /usr/lib is not necessarily safe for loading into ssh-agent.) NOTE: this issue exists because of an incomplete fix for CVE-2016-10009.
GHSA
GHSA-px36-p9hv-7h2v: The PKCS#11 feature in ssh-agent in OpenSSH before 9
ghsa_unreviewed·2023-07-20·CVSS 7.3
CVE-2023-38408 [HIGH] CWE-428 GHSA-px36-p9hv-7h2v: The PKCS#11 feature in ssh-agent in OpenSSH before 9
The PKCS#11 feature in ssh-agent in OpenSSH before 9.3p2 has an insufficiently trustworthy search path, leading to remote code execution if an agent is forwarded to an attacker-controlled system. (Code in /usr/lib is not necessarily safe for loading into ssh-agent.) NOTE: this issue exists because of an incomplete fix for CVE-2016-10009.
VulnCheck
OpenBSD openssh Unquoted Search Path or Element
vulncheck·2023·CVSS 7.3
CVE-2023-38408 [HIGH] OpenBSD openssh Unquoted Search Path or Element
OpenBSD openssh Unquoted Search Path or Element
The PKCS#11 feature in ssh-agent in OpenSSH before 9.3p2 has an insufficiently trustworthy search path, leading to remote code execution if an agent is forwarded to an attacker-controlled system. (Code in /usr/lib is not necessarily safe for loading into ssh-agent.) NOTE: this issue exists because of an incomplete fix for CVE-2016-10009.
Affected: OpenBSD openssh
Required Action: Apply remediations or mitigations per vendor instructions or discontinue use of the product if remediation or mitigations are unavailable.
Exploitation References: https://sosintel.co.uk/flash-alert-cves-of-note-being-exploited-in-the-wild/; https://thorcert.notion.site/TTPs-11-Operation-An-Octopus-d875862055ca4b7b815b5e496b219671; https://content.kaspersky-labs.
GHSA
GHSA-5rjr-wmvr-493x: Untrusted search path vulnerability in ssh-agent
ghsa_unreviewed·2022-05-14
CVE-2016-10009 [HIGH] CWE-426 GHSA-5rjr-wmvr-493x: Untrusted search path vulnerability in ssh-agent
Untrusted search path vulnerability in ssh-agent.c in ssh-agent in OpenSSH before 7.4 allows remote attackers to execute arbitrary local PKCS#11 modules by leveraging control over a forwarded agent-socket.
OSV
openssh vulnerabilities
osv·2018-01-22·CVSS 7.3
CVE-2016-10009 [HIGH] openssh vulnerabilities
openssh vulnerabilities
Jann Horn discovered that OpenSSH incorrectly loaded PKCS#11 modules from
untrusted directories. A remote attacker could possibly use this issue to
execute arbitrary PKCS#11 modules. This issue only affected Ubuntu 14.04
LTS and Ubuntu 16.04 LTS. (CVE-2016-10009)
Jann Horn discovered that OpenSSH incorrectly handled permissions on
Unix-domain sockets when privilege separation is disabled. A local attacker
could possibly use this issue to gain privileges. This issue only affected
Ubuntu 16.04 LTS. (CVE-2016-10010)
Jann Horn discovered that OpenSSH incorrectly handled certain buffer memory
operations. A local attacker could possibly use this issue to obtain
sensitive information. This issue only affected Ubuntu 14.04 LTS and Ubuntu
16.04 LTS. (CVE-2016-10011)
Guid
OSV
CVE-2016-10009: Untrusted search path vulnerability in ssh-agent
osv·2017-01-05·CVSS 7.3
CVE-2016-10009 [HIGH] CVE-2016-10009: Untrusted search path vulnerability in ssh-agent
Untrusted search path vulnerability in ssh-agent.c in ssh-agent in OpenSSH before 7.4 allows remote attackers to execute arbitrary local PKCS#11 modules by leveraging control over a forwarded agent-socket.
CISA ICS
ABB M2M Gateway
cisa_ics·2025-04-15
ABB M2M Gateway
ICS Advisory
##
ABB M2M Gateway
Release DateApril 15, 2025
Alert CodeICSA-25-105-08
Related topics:
Industrial Control System Vulnerabilities, Industrial Control Systems
View CSAF
## 1. EXECUTIVE SUMMARY
- CVSS v4 8.8
- ATTENTION: Exploitable remotely/low attack complexity
- Vendor: ABB
- Equipment: M2M Gateway
- Vulnerabilities: Integer Overflow or Wraparound, Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling'), Unquoted Search Path or Element, Untrusted Search Path, Use After Free, Out-of-bounds Write, Buffer Copy without Checking Size of Input ('Classic Buffer Overflow'), Missing Release of Memory after Effective Lifetime, Allocation of Resources Without Limits or Throttling, Improper Privilege Management, Improper Limitati
CISA ICS
Siemens SIMATIC S7-1500 CPU 1518(F)-4 PN/DP MFP V3.1
cisa_ics·2023-12-14
Siemens SIMATIC S7-1500 CPU 1518(F)-4 PN/DP MFP V3.1
ICS Advisory
##
Siemens SIMATIC S7-1500 CPU 1518(F)-4 PN/DP MFP V3.1
Release DateDecember 14, 2023
Alert CodeICSA-23-348-10
As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories (CERT Services | Services | Siemens Global).
View CSAF
## 1. EXECUTIVE SUMMARY
- CVSS v3 9.8
- ATTENTION: Exploitable remotely/low attack complexity
- Vendor: Siemens
- Equipment: SIMATIC S7-1500 CPU 1518(F)-4 PN/DP MFP V3.1
- Vulnerabilities: Improper Restriction of XML External Entity Reference, Time-of-check Time-of-use (TOCTOU) Race Condition, Command Injection, Miss
Red Hat
openssh: Remote code execution in ssh-agent PKCS#11 support
vendor_redhat·2023-07-19·CVSS 7.3
CVE-2023-38408 [HIGH] CWE-94 openssh: Remote code execution in ssh-agent PKCS#11 support
openssh: Remote code execution in ssh-agent PKCS#11 support
The PKCS#11 feature in ssh-agent in OpenSSH before 9.3p2 has an insufficiently trustworthy search path, leading to remote code execution if an agent is forwarded to an attacker-controlled system. (Code in /usr/lib is not necessarily safe for loading into ssh-agent.) NOTE: this issue exists because of an incomplete fix for CVE-2016-10009.
A vulnerability was found in OpenSSH. The PKCS#11 feature in the ssh-agent in OpenSSH has an insufficiently trustworthy search path, leading to remote code execution if an agent is forwarded to an attacker-controlled system (the code in /usr/lib is not necessarily safe for loading into ssh-agent). This flaw allows an attacker with control of the forwarded agent-socket on the server and the abili
Microsoft
The PKCS#11 feature in ssh-agent in OpenSSH before 9.3p2 has an insufficiently trustworthy search path leading to remote code execution if an agent is forwarded to an attacker-controlled system. (Code
vendor_msrc·2023-07-11·CVSS 9.8
CVE-2023-38408 [HIGH] CWE-428 The PKCS#11 feature in ssh-agent in OpenSSH before 9.3p2 has an insufficiently trustworthy search path leading to remote code execution if an agent is forwarded to an attacker-controlled system. (Code
The PKCS#11 feature in ssh-agent in OpenSSH before 9.3p2 has an insufficiently trustworthy search path leading to remote code execution if an agent is forwarded to an attacker-controlled system. (Code in /usr/lib is not necessarily safe for loading into ssh-agent.) NOTE: this issue exists because of an incomplete fix for CVE-2016-10009.
FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?
One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publis
Debian
CVE-2023-38408: openssh - The PKCS#11 feature in ssh-agent in OpenSSH before 9.3p2 has an insufficiently t...
vendor_debian·2023·CVSS 7.3
CVE-2023-38408 [HIGH] CVE-2023-38408: openssh - The PKCS#11 feature in ssh-agent in OpenSSH before 9.3p2 has an insufficiently t...
The PKCS#11 feature in ssh-agent in OpenSSH before 9.3p2 has an insufficiently trustworthy search path, leading to remote code execution if an agent is forwarded to an attacker-controlled system. (Code in /usr/lib is not necessarily safe for loading into ssh-agent.) NOTE: this issue exists because of an incomplete fix for CVE-2016-10009.
Scope: local
bookworm: resolved (fixed in 1:9.2p1-2+deb12u1)
bullseye: resolved (fixed in 1:8.4p1-5+deb11u2)
forky: resolved (fixed in 1:9.3p2-1)
sid: resolved (fixed in 1:9.3p2-1)
trixie: resolved (fixed in 1:9.3p2-1)
CISA ICS
Siemens SCALANCE X-200RNA Switch Devices
cisa_ics·2022-12-19
Siemens SCALANCE X-200RNA Switch Devices
## Archived Content In an effort to keep CISA.gov current, the archive contains outdated information that may not reflect current policy or programs.
ICS Advisory
##
Siemens SCALANCE X-200RNA Switch Devices
Last RevisedDecember 19, 2022
Alert CodeICSA-22-349-21
## 1. EXECUTIVE SUMMARY
- CVSS v3 9.8
- ATTENTION: Exploitable remotely/low attack complexity/public exploits are available
- Vendor: Siemens
- Equipment: SCALANCE X-200RNA switch devices before V3.2.7
- Vulnerabilities: Observable Timing Discrepancy; Race Condition; Improper Restriction of Operations within the Bounds of a Memory Buffer; Improper Input Validation; NULL Pointer Dereference; Use After Free; Cryptographic Issues; Comparison of Incompatible Types; Resource Management
Palo Alto
PAN-SA-2020-0004 Informational: Third-party or open source vulnerabilities that do not affect PAN-OS
vendor_paloalto·2020-05-13·CVSS 7.5
CVE-2014-1692 [HIGH] PAN-SA-2020-0004 Informational: Third-party or open source vulnerabilities that do not affect PAN-OS
PAN-SA-2020-0004 Informational: Third-party or open source vulnerabilities that do not affect PAN-OS
Palo Alto Networks Product Security Assurance team has evaluated and determined that these third-party or open source vulnerabilities do not have a security impact on PAN-OS, or the scenarios required for successful
CVEs: CVE-2014-1692, CVE-2014-2532, CVE-2014-2653, CVE-2015-5352, CVE-2015-8325, CVE-2016-10009, CVE-2016-10010, CVE-2016-10708, CVE-2016-1908, CVE-2016-3115, CVE-2016-6515, CVE-2018-15473, CVE-2018-15919
Affected products: PAN-OS
Ubuntu
OpenSSH vulnerabilities
vendor_ubuntu·2018-01-22·CVSS 7.3
CVE-2016-10009 [HIGH] OpenSSH vulnerabilities
Title: OpenSSH vulnerabilities
Summary: Several security issues were fixed in OpenSSH.
Jann Horn discovered that OpenSSH incorrectly loaded PKCS#11 modules from
untrusted directories. A remote attacker could possibly use this issue to
execute arbitrary PKCS#11 modules. This issue only affected Ubuntu 14.04
LTS and Ubuntu 16.04 LTS. (CVE-2016-10009)
Jann Horn discovered that OpenSSH incorrectly handled permissions on
Unix-domain sockets when privilege separation is disabled. A local attacker
could possibly use this issue to gain privileges. This issue only affected
Ubuntu 16.04 LTS. (CVE-2016-10010)
Jann Horn discovered that OpenSSH incorrectly handled certain buffer memory
operations. A local attacker could possibly use this issue to obtain
sensitive information. This issue only affect
Apple
CVE-2016-10009: macOS Sierra 10.12.4, Security Update 2017-001 El Capitan, and Security Update 2017-001 Yosemite
vendor_apple·2017-03-27·CVSS 7.3
CVE-2016-10009 [HIGH] CVE-2016-10009: macOS Sierra 10.12.4, Security Update 2017-001 El Capitan, and Security Update 2017-001 Yosemite
Apple Security Update: About the security content of macOS Sierra 10.12.4, Security Update 2017-001 El Capitan, and Security Update 2017-001 Yosemite
Product: macOS Sierra 10.12.4, Security Update 2017-001 El Capitan, and Security Update 2017-001 Yosemite
CVE: CVE-2016-10009
Component: CVE-2016-10009
BSD
FreeBSD-SA-17:01.openssh: OpenSSH multiple vulnerabilities
bsd_advisories·2017-01-11·CVSS 7.3
CVE-2016-10009 [HIGH] FreeBSD-SA-17:01.openssh: OpenSSH multiple vulnerabilities
FreeBSD-SA-17:01.openssh Security Advisory
The FreeBSD Project
Topic: OpenSSH multiple vulnerabilities
Category: contrib
Module: OpenSSH
Announced: 2017-01-11
Affects: All supported versions of FreeBSD.
Corrected: 2017-01-11 05:56:40 UTC (stable/11, 11.0-STABLE)
2017-01-11 06:01:23 UTC (releng/11.0, 11.0-RELEASE-p7)
2017-01-11 05:56:40 UTC (stable/10, 10.3-STABLE)
2017-01-11 06:01:23 UTC (releng/10.3, 10.3-RELEASE-p16)
CVE Name: CVE-2016-10009, CVE-2016-10010
For general information regarding FreeBSD Security Advisories,
including descriptions of the fields above, security branches, and the
following sections, please visit .
I. Background
OpenSSH is an implementation of the SSH protocol suite, providing an
encrypted and authenticated transport for a variety of services,
including remo
Red Hat
openssh: loading of untrusted PKCS#11 modules in ssh-agent
vendor_redhat·2016-12-19·CVSS 7.3
CVE-2016-10009 [HIGH] openssh: loading of untrusted PKCS#11 modules in ssh-agent
openssh: loading of untrusted PKCS#11 modules in ssh-agent
Untrusted search path vulnerability in ssh-agent.c in ssh-agent in OpenSSH before 7.4 allows remote attackers to execute arbitrary local PKCS#11 modules by leveraging control over a forwarded agent-socket.
It was found that ssh-agent could load PKCS#11 modules from arbitrary paths. An attacker having control of the forwarded agent-socket on the server, and the ability to write to the filesystem of the client host, could use this flaw to execute arbitrary code with the privileges of the user running ssh-agent.
Statement: In order to exploit this flaw, the attacker needs to have control of the forwarded agent-socket and the ability to write to the filesystem of the host running ssh-agent. Because of this restriction for successful
Debian
CVE-2016-10009: openssh - Untrusted search path vulnerability in ssh-agent.c in ssh-agent in OpenSSH befor...
vendor_debian·2016·CVSS 7.3
CVE-2016-10009 [HIGH] CVE-2016-10009: openssh - Untrusted search path vulnerability in ssh-agent.c in ssh-agent in OpenSSH befor...
Untrusted search path vulnerability in ssh-agent.c in ssh-agent in OpenSSH before 7.4 allows remote attackers to execute arbitrary local PKCS#11 modules by leveraging control over a forwarded agent-socket.
Scope: local
bookworm: resolved (fixed in 1:7.4p1-1)
bullseye: resolved (fixed in 1:7.4p1-1)
forky: resolved (fixed in 1:7.4p1-1)
sid: resolved (fixed in 1:7.4p1-1)
trixie: resolved (fixed in 1:7.4p1-1)
No detection rules found.
Bugzilla
CVE-2016-10009 openssh: loading of untrusted PKCS#11 modules in ssh-agent
bugzilla·2016-12-20·CVSS 7.3
CVE-2016-10009 [HIGH] CVE-2016-10009 openssh: loading of untrusted PKCS#11 modules in ssh-agent
CVE-2016-10009 openssh: loading of untrusted PKCS#11 modules in ssh-agent
It was found that ssh-agent could load PKCS#11 modules from paths outside of a trusted whitelist. An attacker able to load a crafted PKCS#11 module across a forwarded agent channel could potentially use this flaw to execute arbitrary code on the system running the ssh-agent. Note that the attacker must have control of the forwarded agent-socket and the ability to write to the filesystem of the host running ssh-agent.
This issue was fixed by only allowing the loading of module from a trusted (and configurable) whitelist.
CVE assignment:
http://seclists.org/oss-sec/2016/q4/708
Upstream patch:
http://cvsweb.openbsd.org/cgi-bin/cvsweb/src/usr.bin/ssh/ssh-agent.c.diff?r1=1.214&r2=1.215&sortby=date&f=h
Discussion:
Bugzilla
CVE-2016-10009 CVE-2016-10010 CVE-2016-10011 CVE-2016-10012 openssh: various flaws [fedora-all]
bugzilla·2016-12-20·CVSS 7.3
CVE-2016-10009 [HIGH] CVE-2016-10009 CVE-2016-10010 CVE-2016-10011 CVE-2016-10012 openssh: various flaws [fedora-all]
CVE-2016-10009 CVE-2016-10010 CVE-2016-10011 CVE-2016-10012 openssh: various flaws [fedora-all]
This is an automatically created tracking bug! It was created to ensure
that one or more security vulnerabilities are fixed in affected versions
of Fedora.
For comments that are specific to the vulnerability please use bugs filed
against the "Security Response" product referenced in the "Blocks" field.
For more information see:
http://fedoraproject.org/wiki/Security/TrackingBugs
When submitting as an update, use the fedpkg template provided in the next
comment(s). This will include the bug IDs of this tracking bug as well as
the relevant top-level CVE bugs.
Please also mention the CVE IDs being fixed in the RPM changelog and the
fedpkg commit message.
NOTE: this issue affects multiple supp
http://packetstormsecurity.com/files/140261/OpenSSH-Arbitrary-Library-Loading.htmlhttp://packetstormsecurity.com/files/173661/OpenSSH-Forwarded-SSH-Agent-Remote-Code-Execution.htmlhttp://seclists.org/fulldisclosure/2023/Jul/31http://www.openwall.com/lists/oss-security/2016/12/19/2http://www.openwall.com/lists/oss-security/2023/07/19/9http://www.openwall.com/lists/oss-security/2023/07/20/1http://www.securityfocus.com/bid/94968http://www.securitytracker.com/id/1037490http://www.slackware.com/security/viewer.php?l=slackware-security&y=2016&m=slackware-security.647637https://access.redhat.com/errata/RHSA-2017:2029https://bugs.chromium.org/p/project-zero/issues/detail?id=1009https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdfhttps://github.com/openbsd/src/commit/9476ce1dd37d3c3218d5640b74c34c65e5f4efe5https://lists.debian.org/debian-lts-announce/2018/09/msg00010.htmlhttps://security.FreeBSD.org/advisories/FreeBSD-SA-17:01.openssh.aschttps://security.netapp.com/advisory/ntap-20171130-0002/https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbux03818en_ushttps://usn.ubuntu.com/3538-1/https://www.exploit-db.com/exploits/40963/https://www.openssh.com/txt/release-7.4http://packetstormsecurity.com/files/140261/OpenSSH-Arbitrary-Library-Loading.htmlhttp://packetstormsecurity.com/files/173661/OpenSSH-Forwarded-SSH-Agent-Remote-Code-Execution.htmlhttp://seclists.org/fulldisclosure/2023/Jul/31http://www.openwall.com/lists/oss-security/2016/12/19/2http://www.openwall.com/lists/oss-security/2023/07/19/9http://www.openwall.com/lists/oss-security/2023/07/20/1http://www.securityfocus.com/bid/94968http://www.securitytracker.com/id/1037490http://www.slackware.com/security/viewer.php?l=slackware-security&y=2016&m=slackware-security.647637https://access.redhat.com/errata/RHSA-2017:2029https://bugs.chromium.org/p/project-zero/issues/detail?id=1009https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdfhttps://github.com/openbsd/src/commit/9476ce1dd37d3c3218d5640b74c34c65e5f4efe5https://lists.debian.org/debian-lts-announce/2018/09/msg00010.htmlhttps://security.FreeBSD.org/advisories/FreeBSD-SA-17:01.openssh.aschttps://security.netapp.com/advisory/ntap-20171130-0002/https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbux03818en_ushttps://usn.ubuntu.com/3538-1/https://www.exploit-db.com/exploits/40963/https://www.openssh.com/txt/release-7.4
2017-01-05
Published