SB2017010313 - Fedora 25 update for openssh 

CSH
CYBERSECURITY HELP
Sign In REGISTER

Main Vulnerability Database SB2017010313

SB2017010313 - Fedora 25 update for openssh

Published: January 3, 2017 Updated: April 24, 2025

Security Bulletin ID SB2017010313
Severity
Low
Patch available
YES
Number of vulnerabilities 4
Exploitation vector Remote access
Highest impact Code execution

Breakdown by Severity

Low 100%
  • Low
  • Medium
  • High
  • Critical

Description

This security bulletin contains information about 4 secuirty vulnerabilities.


1) Improper input validation (CVE-ID: CVE-2016-10009)

The vulnerability allows a remote attacker to execute arbitrary code on vulnerable ssh client.

The vulnerability exists due to incorrect handling of data passed to PKCS#11 module within ssh-agent. A remote attacker with control over sshd service can execute arbitrary code on vulnerable client.

Successful exploitation of this vulnerability may allow a remote attacker to execute arbitrary code on vulnerable client system but requires that client is connected to malicious SSH server.


2) Privilege escalation (CVE-ID: CVE-2016-10010)

The vulnerability allows a local user to execute arbitrary code on vulnerable system with root privileges.

The vulnerability exists due to an error in sshd in serverloop.c, which may allow a local authenticated user to execute arbitrary code with root privileges via a forwarded Unix-domain socket.

Successful exploitation of this vulnerability may allow a local user to elevate privileges.


3) Information disclosure (CVE-ID: CVE-2016-10011)

The vulnerability allows a local user to gain access to potentially sensitive information.

The vulnerability exists due to an error in authfile.c, which may allow a local authenticated user to obtain host private key material.

Successful exploitation of this vulnerability may allow a local user to gain access to otherwise restricted information.


4) Buffer overflow (CVE-ID: CVE-2016-10012)

The vulnerability allows a local user to execute arbitrary code on vulnerable system with root privileges.

The vulnerability exists in sshd due to a flaw in boundary checks in the shared memory manager that may be skipped by some optimizing compilers. A local user can trigger memory corruption and execute arbitrary code with root privileges. The issue is related to m_zback and m_zlib data structures.

Successful exploitation of this vulnerability may allow a local user to elevate privileges.


Remediation

Install update from vendor's website.

References