Vulnerability Details : CVE-2016-10012
The shared memory manager (associated with pre-authentication compression) in sshd in OpenSSH before 7.4 does not ensure that a bounds check is enforced by all compilers, which might allows local users to gain privileges by leveraging access to a sandboxed privilege-separation process, related to the m_zback and m_zlib data structures.
Vulnerability category: Overflow
Products affected by CVE-2016-10012
- cpe:2.3:a:openbsd:openssh:*:*:*:*:*:*:*:*
Threat overview for CVE-2016-10012
Top countries where our scanners detected CVE-2016-10012
Top open port discovered on systems with this issue
22
IPs affected by CVE-2016-10012 3,128,971
Threat actors abusing to this issue?
Yes
Find out if you* are
affected by CVE-2016-10012!
*Directly or indirectly through your vendors, service providers and 3rd parties.
Powered by
attack surface intelligence
from SecurityScorecard.
Exploit prediction scoring system (EPSS) score for CVE-2016-10012
0.04%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 6 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2016-10012
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
7.2
|
HIGH | AV:L/AC:L/Au:N/C:C/I:C/A:C |
3.9
|
10.0
|
NIST | |
7.8
|
HIGH | CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
1.8
|
5.9
|
NIST |
CWE ids for CVE-2016-10012
-
The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data.Assigned by: nvd@nist.gov (Primary)
References for CVE-2016-10012
-
http://www.slackware.com/security/viewer.php?l=slackware-security&y=2016&m=slackware-security.647637
The Slackware Linux Project: Slackware Security Advisories
-
https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbux03818en_us
HPESBUX03818 rev.2 - HP-UX Secure Shell, Multiple Remote Vulnerabilities
-
http://www.securitytracker.com/id/1037490
OpenSSH Multiple Flaws Let Remote Authenticated Users Gain Elevated Privileges and Local Privileged Users Obtain Host Private Keys - SecurityTracker
-
https://github.com/openbsd/src/commit/3095060f479b86288e31c79ecbc5131a66bcd2f9
Remove support for pre-authentication compression. Doing compression · openbsd/src@3095060 · GitHubVendor Advisory;Patch
-
https://security.netapp.com/advisory/ntap-20171130-0002/
January 2017 OpenSSH Vulnerabilities in NetApp Products | NetApp Product Security
-
https://support.f5.com/csp/article/K62201745?utm_source=f5support&utm_medium=RSS
OpenSSH vulnerability CVE-2016-10012
-
https://access.redhat.com/errata/RHSA-2017:2029
RHSA-2017:2029 - Security Advisory - Red Hat Customer Portal
-
https://www.openssh.com/txt/release-7.4
-
https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf
-
https://lists.debian.org/debian-lts-announce/2018/09/msg00010.html
[SECURITY] [DLA 1500-1] openssh security update
-
http://www.securityfocus.com/bid/94975
OpenSSH CVE-2016-10012 Security Bypass Vulnerability
-
http://www.openwall.com/lists/oss-security/2016/12/19/2
oss-security - Announce: OpenSSH 7.4 releasedMailing List;Release Notes
Jump to