← back
CVE-2016-10011

CVE-2016-10011

CVSS 6.2 MEDIUMEPSS 1.1%CWE-119
Vexday Risk Score
13Low
SSVC decision (CISA)
Track
No exploitation signal → monitor
CVSS 6.2EPSS 1.1%KEV nãoPoC Nuclei Metasploit Patch referenciado
Lifecycle
05 Jan 2017Published on NVD
Recommendation: Monitor — no exploitation signal at the moment.
authfile.c in sshd in OpenSSH before 7.4 does not properly consider the effects of realloc on buffer contents, which might allow local users to obtain sensitive private-key information by leveraging access to a privilege-separated child process.
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Affected products
n/a · n/a

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
https://access.redhat.com/errata/RHSA-2017:2029https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdfhttps://cert-portal.siemens.com/productcert/pdf/ssa-676336.pdfhttps://github.com/openbsd/src/commit/ac8147a06ed2e2403fb6b9a0c03e618a9333c0e9https://lists.debian.org/debian-lts-announce/2018/09/msg00010.htmlhttps://security.netapp.com/advisory/ntap-20171130-0002/https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbux03818en_ushttps://www.openssh.com/txt/release-7.4http://www.openwall.com/lists/oss-security/2016/12/19/2http://www.securityfocus.com/bid/94977http://www.securitytracker.com/id/1037490http://www.slackware.com/security/viewer.php?l=slackware-security&y=2016&m=slackware-security.647637