CVE-2016-1907
Published 2016-01-19
Priority: P4 · 31 · medium · 5.3 (CVSS 3.0)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
EPSS: 14.34% (96.2th percentile)
The ssh_packet_read_poll2 function in packet.c in OpenSSH before 7.1p2 allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via crafted network traffic.
Affected
10 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | openssh | < openssh 1:7.1p2-1 (bookworm) | openssh 1:7.1p2-1 (bookworm) |
| openbsd | openssh | — | — |
| openbsd | openssh | — | — |
| openbsd | openssh | — | — |
| openbsd | openssh | — | — |
| openbsd | openssh | >= 0 < 1:7.1p2-1 | 1:7.1p2-1 |
| openbsd | openssh | >= 0 < 1:7.1p2-1 | 1:7.1p2-1 |
| openbsd | openssh | >= 0 < 1:7.1p2-1 | 1:7.1p2-1 |
| openbsd | openssh | >= 0 < 1:7.1p2-1 | 1:7.1p2-1 |
| openbsd | openssh | >= 0 < 1:6.6p1-2ubuntu2.7 | 1:6.6p1-2ubuntu2.7 |
CVSS provenance
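| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.0 | 5.3 | MEDIUM | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L |
| nvd | v2.0 | 5.0 | MEDIUM | AV:N/AC:L/Au:N/C:N/I:N/A:P |
| osv | | 7.8 | HIGH | |
| vendor_ubuntu | | 7.8 | HIGH | |
| vendor_debian | | 5.3 | MEDIUM | |
| vendor_redhat | | 5.3 | MEDIUM | |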
GHSA
GHSA-3xwc-hv27-5fhw: The ssh_packet_read_poll2 function in packet
ghsa_unreviewed·2022-05-17
CVE-2016-1907 [MEDIUM] CWE-119 GHSA-3xwc-hv27-5fhw: The ssh_packet_read_poll2 function in packet
The ssh_packet_read_poll2 function in packet.c in OpenSSH before 7.1p2 allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via crafted network traffic.
OSV
openssh vulnerabilities
osv·2016-05-09·CVSS 7.8
CVE-2015-8325 [HIGH] openssh vulnerabilities
openssh vulnerabilities
Shayan Sadigh discovered that OpenSSH incorrectly handled environment files
when the UseLogin feature is enabled. A local attacker could use this issue
to gain privileges. (CVE-2015-8325)
Ben Hawkes discovered that OpenSSH incorrectly handled certain network
traffic. A remote attacker could possibly use this issue to cause OpenSSH
to crash, resulting in a denial of service. This issue only applied to
Ubuntu 15.10. (CVE-2016-1907)
Thomas Hoger discovered that OpenSSH incorrectly handled untrusted X11
forwarding when the SECURITY extension is disabled. A connection configured
as being untrusted could get switched to trusted in certain scenarios,
contrary to expectations. (CVE-2016-1908)
It was discovered that OpenSSH incorrectly handled certain X11 forwarding
data
OSV
CVE-2016-1907: The ssh_packet_read_poll2 function in packet
osv·2016-01-19·CVSS 5.3
CVE-2016-1907 [MEDIUM] CVE-2016-1907: The ssh_packet_read_poll2 function in packet
The ssh_packet_read_poll2 function in packet.c in OpenSSH before 7.1p2 allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via crafted network traffic.
CISA ICS
Siemens SCALANCE X-200RNA Switch Devices
cisa_ics·2022-12-19
Siemens SCALANCE X-200RNA Switch Devices
ICS Advisory
## Siemens SCALANCE X-200RNA Switch Devices
Last Revised: December 19, 2022
Alert Code: ICSA-22-349-21
## 1. EXECUTIVE SUMMARY
- CVSS v3 9.8
- ATTENTION: Exploitable remotely/low attack complexity/public exploits are available
- Vendor: Siemens
- Equipment: SCALANCE X-200RNA switch devices before V3.2.7
- Vulnerabilities: Observable Timing Discrepancy; Race Condition; Improper Restriction of Operations within the Bounds of a Memory Buffer; Improper Input Validation; NULL Pointer Dereference; Use After Free; Cryptographic Issues; Comparison of Incompatible Types; Resource Management
Ubuntu
OpenSSH vulnerabilities
vendor_ubuntu·2016-05-09·CVSS 7.8
CVE-2015-8325 [HIGH] OpenSSH vulnerabilities
Title: OpenSSH vulnerabilities
Summary: Several security issues were fixed in OpenSSH.
Shayan Sadigh discovered that OpenSSH incorrectly handled environment files
when the UseLogin feature is enabled. A local attacker could use this issue
to gain privileges. (CVE-2015-8325)
Ben Hawkes discovered that OpenSSH incorrectly handled certain network
traffic. A remote attacker could possibly use this issue to cause OpenSSH
to crash, resulting in a denial of service. This issue only applied to
Ubuntu 15.10. (CVE-2016-1907)
Thomas Hoger discovered that OpenSSH incorrectly handled untrusted X11
forwarding when the SECURITY extension is disabled. A connection configured
as being untrusted could get switched to trusted in certain scenarios,
contrary to expectations. (CVE-2016-1908)
It was discove
Red Hat
openssh: out-of-bounds read in packet handling code
vendor_redhat·2016-01-14·CVSS 5.3
CVE-2016-1907 [MEDIUM] CWE-125 openssh: out-of-bounds read in packet handling code
openssh: out-of-bounds read in packet handling code
The ssh_packet_read_poll2 function in packet.c in OpenSSH before 7.1p2 allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via crafted network traffic.
Package: openssh (Red Hat Enterprise Linux 5) - Not affected
Package: openssh (Red Hat Enterprise Linux 6) - Not affected
Package: openssh (Red Hat Enterprise Linux 7) - Not affected
Debian
CVE-2016-1907: openssh - The ssh_packet_read_poll2 function in packet.c in OpenSSH before 7.1p2 allows re...
vendor_debian·2016·CVSS 5.3
CVE-2016-1907 [MEDIUM] CVE-2016-1907: openssh - The ssh_packet_read_poll2 function in packet.c in OpenSSH before 7.1p2 allows re...
The ssh_packet_read_poll2 function in packet.c in OpenSSH before 7.1p2 allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via crafted network traffic.
Scope: local
bookworm: resolved (fixed in 1:7.1p2-1)
bullseye: resolved (fixed in 1:7.1p2-1)
forky: resolved (fixed in 1:7.1p2-1)
sid: resolved (fixed in 1:7.1p2-1)
trixie: resolved (fixed in 1:7.1p2-1)
No detection rules found.
No public exploits indexed.
References
- http://lists.fedoraproject.org/pipermail/package-announce/2016-February/176516.html
- http://lists.fedoraproject.org/pipermail/package-announce/2016-January/175676.html
- http://lists.fedoraproject.org/pipermail/package-announce/2016-January/176349.html
- http://www.openssh.com/txt/release-7.1p2
- http://www.securityfocus.com/bid/81293
- https://anongit.mindrot.org/openssh.git/commit/?id=2fecfd486bdba9f51b3a789277bb0733ca36e1c0
- https://bto.bluecoat.com/security-advisory/sa109
- https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf
- https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05356388
- https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05385680
- https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05390722
Published: 2016-01-19