SecurityTracker.com
SecurityTracker Archives

Category: Application (VPN) > OpenSSH
Vendors: OpenSSH.org
(CentOS Issues Fix) OpenSSH Flaws Let Remote Authenticated Users Obtain Potentially Sensitive Information From Client Memory
SecurityTracker Alert ID:  1034681
SecurityTracker URL:  http://securitytracker.com/id/1034681
CVE Reference: CVE-2016-0777, CVE-2016-0778, CVE-2016-1907
Date:  Jan 15 2016
Impact:   Disclosure of system information, Disclosure of user information
Fix Available: Yes
Vendor Confirmed: Yes
Version(s): 5.4 - 7.1
Description:   Several vulnerabilities were reported in OpenSSH. A remote authenticated server can obtain potentially sensitive information from OpenSSH client memory on the target system or potentially execute arbitrary code on the target client system.

An OpenSSH server on an authenticated connection can cause the connected client to leak portions of client memory to the server [CVE-2016-0777]. This may include private client user keys.

The Qualys Security team reported this vulnerability.

An OpenSSH server on an authenticated connection may be able to trigger a buffer overflow and file descriptor leak in the connected client in certain cases when using ProxyCommand, ForwardAgent, or ForwardX11 [CVE-2016-0778].

The Qualys Security team reported this vulnerability.

A user may be able to trigger an out-of-bounds read access error in the packet handling code [CVE-2016-1907]. Ben Hawkes reported this vulnerability.

Impact:   A remote authenticated server can obtain potentially sensitive information from the target connected client.
Solution:   CentOS has issued a fix.

x86_64:
7aa1a232479f86e7f3b82d335b0683d815ca92f20e14a166a49c03bbb7f8ac9e openssh-6.6.1p1-23.el7_2.x86_64.rpm
a32b1a4625dd33016d110eb247329be9c242ca78f0b8f8b6d5ec6fc8a3cdc1f0 openssh-askpass-6.6.1p1-23.el7_2.x86_64.rpm
614657ffb529da95ab36aaf3a7f0e72b28622503ab1f7276083bf176b49dd58f openssh-clients-6.6.1p1-23.el7_2.x86_64.rpm
cc70492e83aa70730a0b885bc00ad645c3ff81c31abcf85a11a06bd8df51895f openssh-keycat-6.6.1p1-23.el7_2.x86_64.rpm
97ae0347cf1cee17df80c150ff633bfd35d26184f3f9cb1d5b1640af32e9fbeb openssh-ldap-6.6.1p1-23.el7_2.x86_64.rpm
a5b98159190191c035e260475b6e7fd5a0abeba2babe09749cc2f54748a633dc openssh-server-6.6.1p1-23.el7_2.x86_64.rpm
7c78c4bcb410d1060463e8bf694f1fe144636042102604a8fbb403e398404b53 openssh-server-sysvinit-6.6.1p1-23.el7_2.x86_64.rpm
93567227a3013b9311dd1669af23e4c2628140c10ce21591ec50afe56b8df8f2 pam_ssh_agent_auth-0.9.3-9.23.el7_2.i686.rpm
c5b9720aec08ee9e853981401dd5946ee4515859d53ec9e86795f7e4403f1db6 pam_ssh_agent_auth-0.9.3-9.23.el7_2.x86_64.rpm

Source:
c0ae36b679f0dd6171897ad8952ec809c968464e685d7a0ae9333ea443132d10 openssh-6.6.1p1-23.el7_2.src.rpm
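The checksum list above is in the `sha256sum Filename` form that CentOS publishes, which means a downloaded package can be checked before it is installed. The POSIX shell script below is an added example written for this page; it is not SecurityTracker's or CentOS's own tooling. It reads a saved manifest in that form, skips the `x86_64:` / `Source:` section headers, hashes each named file from a download directory and reports it as OK, MISMATCH or MISSING, returning non-zero if anything is wrong. The manifest path, the download directory and the `demo_setup` package names and contents are constructed for illustration and are not the advisory's files.

```shell
#!/bin/sh
# Added example (not from the advisory or CentOS): verify downloaded RPMs
# against a "sha256sum Filename" manifest. Demo file names, contents and
# hashes produced by demo_setup are constructed for illustration only.

# sha256_of FILE: print the hex SHA-256 digest (GNU sha256sum or BSD shasum).
sha256_of() {
    if command -v sha256sum >/dev/null 2>&1; then
        sha256sum "$1" | awk '{print $1}'
    else
        shasum -a 256 "$1" | awk '{print $1}'
    fi
}

# verify_manifest MANIFEST DIR
# Each manifest line is "<64-hex-digest>  <filename>"; section headers such
# as "x86_64:" or "Source:" and blank lines are skipped. Every file named is
# hashed from DIR and reported as OK, MISMATCH or MISSING. Returns 0 only if
# every listed file is present and its digest matches.
verify_manifest() {
    manifest=$1
    dir=$2
    status=0
    while read -r expected name; do
        # keep only lines whose first field is a SHA-256 digest
        printf '%s\n' "$expected" | grep -Eq '^[0-9a-f]{64}$' || continue
        path="$dir/$name"
        if [ ! -f "$path" ]; then
            echo "MISSING  $name"
            status=1
            continue
        fi
        actual=$(sha256_of "$path")
        if [ "$actual" = "$expected" ]; then
            echo "OK       $name"
        else
            echo "MISMATCH $name"
            status=1
        fi
    done < "$manifest"
    return "$status"
}

# demo_setup: create a scratch directory holding one intact file, one file
# modified after the manifest was written, and a manifest that also names a
# file that was never downloaded. Prints the directory path. Constructed data.
demo_setup() {
    d=$(mktemp -d)
    printf 'intact package bytes\n' > "$d/openssh-demo-intact.rpm"
    printf 'original bytes\n'       > "$d/openssh-demo-tampered.rpm"
    intact=$(sha256_of "$d/openssh-demo-intact.rpm")
    original=$(sha256_of "$d/openssh-demo-tampered.rpm")
    # overwrite after hashing so the manifest no longer matches this file
    printf 'tampered bytes\n' > "$d/openssh-demo-tampered.rpm"
    {
        echo "x86_64:"
        echo "$intact  openssh-demo-intact.rpm"
        echo "$original  openssh-demo-tampered.rpm"
        echo "$original  openssh-demo-missing.rpm"
    } > "$d/manifest.txt"
    echo "$d"
}

# Usage with real downloads (manifest.txt saved from the announcement, rpms
# fetched into /var/tmp/rpms; both paths are assumptions for this example):
#   verify_manifest manifest.txt /var/tmp/rpms && sudo yum localinstall /var/tmp/rpms/*.rpm
```

The digest check only proves the files match what the announcement listed; it complements, rather than replaces, the package signature check that `rpm -K` performs against the CentOS signing key, which is what ties the packages to the project rather than to a mirror.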

Cause:   Access control error, Boundary error
Underlying OS:  Linux (CentOS)
Underlying OS Comments:  7

Message History:   This archive entry is a follow-up to the message listed below.
Jan 14 2016 OpenSSH Flaws Let Remote Authenticated Users Obtain Potentially Sensitive Information From Client Memory



 Source Message Contents

Subject:  [CentOS-announce] CESA-2016:0043 Moderate CentOS 7 openssh Security Update


CentOS Errata and Security Advisory 2016:0043 Moderate

Upstream details at : https://rhn.redhat.com/errata/RHSA-2016-0043.html

The following updated files have been uploaded and are currently 
syncing to the mirrors: ( sha256sum Filename ) 

x86_64:
7aa1a232479f86e7f3b82d335b0683d815ca92f20e14a166a49c03bbb7f8ac9e  openssh-6.6.1p1-23.el7_2.x86_64.rpm
a32b1a4625dd33016d110eb247329be9c242ca78f0b8f8b6d5ec6fc8a3cdc1f0  openssh-askpass-6.6.1p1-23.el7_2.x86_64.rpm
614657ffb529da95ab36aaf3a7f0e72b28622503ab1f7276083bf176b49dd58f  openssh-clients-6.6.1p1-23.el7_2.x86_64.rpm
cc70492e83aa70730a0b885bc00ad645c3ff81c31abcf85a11a06bd8df51895f  openssh-keycat-6.6.1p1-23.el7_2.x86_64.rpm
97ae0347cf1cee17df80c150ff633bfd35d26184f3f9cb1d5b1640af32e9fbeb  openssh-ldap-6.6.1p1-23.el7_2.x86_64.rpm
a5b98159190191c035e260475b6e7fd5a0abeba2babe09749cc2f54748a633dc  openssh-server-6.6.1p1-23.el7_2.x86_64.rpm
7c78c4bcb410d1060463e8bf694f1fe144636042102604a8fbb403e398404b53  openssh-server-sysvinit-6.6.1p1-23.el7_2.x86_64.rpm
93567227a3013b9311dd1669af23e4c2628140c10ce21591ec50afe56b8df8f2  pam_ssh_agent_auth-0.9.3-9.23.el7_2.i686.rpm
c5b9720aec08ee9e853981401dd5946ee4515859d53ec9e86795f7e4403f1db6  pam_ssh_agent_auth-0.9.3-9.23.el7_2.x86_64.rpm

Source:
c0ae36b679f0dd6171897ad8952ec809c968464e685d7a0ae9333ea443132d10  openssh-6.6.1p1-23.el7_2.src.rpm



-- 
Johnny Hughes
CentOS Project { http://www.centos.org/ }
irc: hughesjr, #centos@irc.freenode.net
Twitter: @JohnnyCentOS

_______________________________________________
CentOS-announce mailing list
CentOS-announce@centos.org
https://lists.centos.org/mailman/listinfo/centos-announce
Copyright 2019, SecurityGlobal.net LLC