SB2016122004 - Multiple vulnerabilities in OpenSSH for Ubuntu Linux

Description

This security bulletin contains information about 2 secuirty vulnerabilities.

1) Improper input validation (CVE-ID: CVE-2016-10009)

The vulnerability allows a remote attacker to execute arbitrary code on vulnerable ssh client.

The vulnerability exists due to incorrect handling of data passed to PKCS#11 module within ssh-agent. A remote attacker with control over sshd service can execute arbitrary code on vulnerable client.

Successful exploitation of this vulnerability may allow a remote attacker to execute arbitrary code on vulnerable client system but requires that client is connected to malicious SSH server.

2) Buffer overflow (CVE-ID: CVE-2016-10012)

The vulnerability allows a local user to execute arbitrary code on vulnerable system with root privileges.

The vulnerability exists in sshd due to a flaw in boundary checks in the shared memory manager that may be skipped by some optimizing compilers. A local user can trigger memory corruption and execute arbitrary code with root privileges. The issue is related to m_zback and m_zlib data structures.

Successful exploitation of this vulnerability may allow a local user to elevate privileges.

Remediation

Cybersecurity Help is not aware of any official remediation provided by the vendor.

References

• https://www.openssh.com/txt/release-7.4
• http://www.openwall.com/lists/oss-security/2016/12/19/2
• https://github.com/openbsd/src/commit/9476ce1dd37d3c3218d5640b74c34c65e5f4efe5
• https://github.com/openbsd/src/commit/3095060f479b86288e31c79ecbc5131a66bcd2f9