Information disclosure in openssh (Alpine package)

1) Information disclosure

EUVDB-ID: #VU2068

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2016-10011

CWE-ID: CWE-264 - Permissions, Privileges, and Access Controls

Exploit availability: No

Description

The vulnerability allows a local user to gain access to potentially sensitive information.

The vulnerability exists due to an error in authfile.c, which may allow a local authenticated user to obtain host private key material.

Successful exploitation of this vulnerability may allow a local user to gain access to otherwise restricted information.

Mitigation

Install update from vendor's website.

Vulnerable software versions

openssh (Alpine package): 6.8_p1-r8

CPE2.3

• cpe:2.3:o:alpine:openssh_alpine_package:6.8_p1-r8:*:*:*:*:alpine_linux:*:3.1

External links

https://git.alpinelinux.org/aports/commit/?id=2faa284e53851f31d06fbb36a9853d4622b701f4
https://git.alpinelinux.org/aports/commit/?id=b27b200a592ab680135f012a56359d52d2540b09
https://git.alpinelinux.org/aports/commit/?id=cd9e926efc77d1b155c76c221d3d06dace296953
https://git.alpinelinux.org/aports/commit/?id=d9b200e3dd0b2a723993f2e6d625bdd54e96a041
https://git.alpinelinux.org/aports/commit/?id=0b546b415bde5a529ffbc08dd3dc0fe78ba82c26
https://git.alpinelinux.org/aports/commit/?id=fa08f3fc9380fa80827e8384c993a3b7a101089b
https://git.alpinelinux.org/aports/commit/?id=51458f4830c2da47954b397d85858f068261ca21
https://git.alpinelinux.org/aports/commit/?id=8d9a5fa9e94e08a1d10f3adbebb033333acc3789
https://git.alpinelinux.org/aports/commit/?id=9c2376cca71f3342159e374d66950adab7632f80

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.