CVE-2016-10011 — Sensitive Information Exposure in Openssh

CWE-320 CWE-200 — Sensitive Information Exposure12 documents10 sources

Severity

5.5MEDIUMNVD

EPSS

0.0%

top 96.12%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Openbsd Openssh Paloalto Prisma SD

Timeline

PublishedJan 5

Latest updateApr 5

Description

authfile.c in sshd in OpenSSH before 7.4 does not properly consider the effects of realloc on buffer contents, which might allow local users to obtain sensitive private-key information by leveraging access to a privilege-separated child process.

CVSS vector

CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:NExploitability: 1.8 | Impact: 3.6

Affected Packages3 packages

▶Debianopenbsd/openssh< 1:7.4p1-1+3

▶NVDopenbsd/openssh7.3

▶Palo Altopaloalto/prisma_sd

Patches

Patch: github.com ↗Patch: github.com ↗

🔴Vulnerability Details

GHSA

GHSA-xcgr-wv7g-4j33: authfile↗2022-05-13

▶

OSV

openssh vulnerabilities↗2018-01-22

▶

OSV

CVE-2016-10011: authfile↗2017-01-05

▶

CVEList

CVE-2016-10011: authfile↗2017-01-05

▶

📋Vendor Advisories

Palo Alto

PAN-SA-2024-0003 Informational Bulletin: Impact of OSS CVEs in Prisma SD-WAN ION↗2024-04-05

▶

Ubuntu

OpenSSH vulnerabilities↗2018-01-22

▶

Apple

CVE-2016-10011: macOS Sierra 10.12.4, Security Update 2017-001 El Capitan, and Security Update 2017-001 Yosemite↗2017-03-27

▶

Red Hat

openssh: Leak of host private key material to privilege-separated child process via realloc()↗2016-12-19

▶

Debian

CVE-2016-10011: openssh - authfile.c in sshd in OpenSSH before 7.4 does not properly consider the effects ...↗2016

▶

💬Community

Bugzilla

CVE-2016-10009 CVE-2016-10010 CVE-2016-10011 CVE-2016-10012 openssh: various flaws [fedora-all]↗2016-12-20

▶

Bugzilla

CVE-2016-10011 openssh: Leak of host private key material to privilege-separated child process via realloc()↗2016-12-20

▶