#VU718 Information disclosure in Oracle Linux and macOS - CVE-2016-0777


| Updated: 2017-01-12

Vulnerability identifier: #VU718

Vulnerability risk: Low

CVSSv4.0: 6.6 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2016-0777

CWE-ID: CWE-284

Exploitation vector: Network

Exploit availability: No

Vulnerable software:
Oracle Linux
Operating systems & Components / Operating system
macOS
Operating systems & Components / Operating system

Vendor: Oracle
Apple Inc.

Description
The vulnerability allows a remote user to disclose potentially sensitive information on the target system.
The weakness exists due to access control flaw that allows a malicious user to disclose important data.
Successful exploitation of the vulnerability leads to potentially sensitive information disclosure.

Vulnerable software versions

Oracle Linux: 7

macOS: 10.11 - 10.11.3

External links
https://www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.html
https://support.apple.com/cs-cz/HT206167

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.


Latest bulletins with this vulnerability


Multiple vulnerabilities in IBM XIV Gen2
Multiple vulnerabilities in IBM Flex System FC3171 8Gb SAN Switch and SAN Pass-thru Firmware and QLogic Virtual Fabric Extension Module for IBM BladeCenter
Multiple vulnerabilities in IBM XIV Gen3
Amazon Linux AMI update for openssh
Gentoo update for OpenSSH
Debian update for openssh
Slackware Linux update for openssh
OpenSUSE Linux update for openssh
OpenSUSE Linux update for openssh
Information disclosure in openssh (Alpine package)