Privilege escalation in openssh (Alpine package)

Published: 2016-12-28

Risk	Low
Patch available	YES
Number of vulnerabilities	1
CVE-ID	CVE-2016-10010
CWE-ID	CWE-264
Exploitation vector	Local
Public exploit	Public exploit code for vulnerability #1 is available.
Vulnerable software Subscribe	openssh (Alpine package) Operating systems & Components / Operating system package or component
Vendor	Alpine Linux Development Team

Security Bulletin

This security bulletin contains one low risk vulnerability.

1) Privilege escalation

EUVDB-ID: #VU2053

Risk: Low

CVSSv3.1: 7 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C]

CVE-ID: CVE-2016-10010

CWE-ID: CWE-264 - Permissions, Privileges, and Access Controls

Exploit availability: Yes

Description

The vulnerability allows a local user to execute arbitrary code on vulnerable system with root privileges.

The vulnerability exists due to an error in sshd in serverloop.c, which may allow a local authenticated user to execute arbitrary code with root privileges via a forwarded Unix-domain socket.

Successful exploitation of this vulnerability may allow a local user to elevate privileges.

Mitigation

Install update from vendor's website.

Vulnerable software versions

openssh (Alpine package): 6.8_p1-r8

External links

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.