Launchpad CVE tracker

CVE 2016-0778

The (1) roaming_read and (2) roaming_write functions in roaming_common.c in the client in OpenSSH 5.x, 6.x, and 7.x before 7.1p2, when certain proxy and forward options are enabled, do not properly maintain connection file descriptors, which allows remote servers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact by requesting many forwardings.

See the

CVE page on Mitre.org for more details.

References

MLIST: [oss-security] 2016011...
CONFIRM: http://www.openssh.com...
CONFIRM: https://support.apple....
APPLE: APPLE-SA-2016-03-21-5
CONFIRM: https://blogs.sophos.c...
CONFIRM: https://blogs.sophos.c...
CONFIRM: https://h20566.www2.hp...
CONFIRM: http://www.oracle.com/...
CONFIRM: http://www.oracle.com/...
BID: 80698
FEDORA: FEDORA-2016-2e89eba0c1
FULLDISC: 20160115 Qualys Securi...
MISC: http://packetstormsecu...
CONFIRM: https://bto.bluecoat.c...
DEBIAN: DSA-3446
FEDORA: FEDORA-2016-4556904561
GENTOO: GLSA-201601-01
SUSE: SUSE-SU-2016:0117
SUSE: SUSE-SU-2016:0118
SUSE: SUSE-SU-2016:0119
SUSE: SUSE-SU-2016:0120
SUSE: openSUSE-SU-2016:0127
SUSE: openSUSE-SU-2016:0128
UBUNTU: USN-2869-1
SECTRACK: 1034671
CONFIRM: https://h20566.www2.hp...
CONFIRM: https://h20566.www2.hp...
CONFIRM: https://h20566.www2.hp...
CONFIRM: http://kb.juniper.net/...
BUGTRAQ: 20160114 Qualys Securi...
CONFIRM: https://cert-portal.si...

Launchpad.net

CVE 2016-0778

Related bugs

References