OpenSUSE Linux update for openssh
| Risk | High |
| Patch available | YES |
| Number of vulnerabilities | 2 |
| CVE-ID | CVE-2016-0777 CVE-2016-0778 |
| CWE-ID | CWE-284 |
| Exploitation vector | Network |
| Public exploit | N/A |
| Vulnerable software |
Oracle Linux Operating systems & Components / Operating system macOS Operating systems & Components / Operating system |
| Vendor |
Oracle Apple Inc. |
Security Bulletin
This security bulletin contains information about 2 vulnerabilities.
1) Information disclosure
EUVDB-ID: #VU718
Risk: Low
CVSSv4.0: 6.6 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2016-0777
CWE-ID:
CWE-284 - Improper Access Control
Exploit availability: No
DescriptionThe vulnerability allows a remote user to disclose potentially sensitive information on the target system.
The weakness exists due to access control flaw that allows a malicious user to disclose important data.
Successful exploitation of the vulnerability leads to potentially sensitive information disclosure.
Update the affected packages.
Oracle Linux: 7
macOS: 10.11 - 10.11.3
CPE2.3 External linkshttps://lists.opensuse.org/opensuse-security-announce/2016-01/msg00013.html
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
2) Denial of service
EUVDB-ID: #VU719
Risk: High
CVSSv4.0: 8.1 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]
CVE-ID: CVE-2016-0778
CWE-ID:
CWE-284 - Improper Access Control
Exploit availability: No
DescriptionThe vulnerability allows a remote user to cause denial of service conditions on the target system.
The weakness is due to insufficient access control that allows attackers to cause the service deny.
Successful exploitation of the vulnerability leads to denial of service on the vulnerable system.
Update the affected packages.
Oracle Linux: 7
macOS: 10.11 - 10.11.3
CPE2.3 External linkshttps://lists.opensuse.org/opensuse-security-announce/2016-01/msg00013.html
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
