SB2016122806 - Buffer overflow in openssh (Alpine package)
Published: December 28, 2016
Security Bulletin ID: SB2016122806
Severity: Low
Patch available: YES
Number of vulnerabilities: 1
Exploitation vector: Local access
Highest impact: Code execution
Description
This security bulletin contains information about 1 security vulnerability.
1) Buffer overflow (CVE-ID: CVE-2016-10012)
The vulnerability allows a local user to execute arbitrary code on a vulnerable system with root privileges. The vulnerability exists in sshd due to a flaw in the boundary checks in the shared memory manager, which some optimizing compilers may skip. A local user can trigger memory corruption and execute arbitrary code with root privileges. The issue is related to the m_zback and m_zlib data structures.
Successful exploitation of this vulnerability may allow a local user to elevate privileges.
Remediation
Install the update from the vendor's website.
References
- https://git.alpinelinux.org/aports/commit/?id=fc53f0a867675bb56c1838c76fc5d493315e60b3
- https://git.alpinelinux.org/aports/commit/?id=d9b200e3dd0b2a723993f2e6d625bdd54e96a041
- https://git.alpinelinux.org/aports/commit/?id=adecf80bc8f761eaf58245d98a41801e5b62c3d9
- https://git.alpinelinux.org/aports/commit/?id=0b546b415bde5a529ffbc08dd3dc0fe78ba82c26
- https://git.alpinelinux.org/aports/commit/?id=fa08f3fc9380fa80827e8384c993a3b7a101089b
- https://git.alpinelinux.org/aports/commit/?id=51458f4830c2da47954b397d85858f068261ca21
- https://git.alpinelinux.org/aports/commit/?id=8d9a5fa9e94e08a1d10f3adbebb033333acc3789
- https://git.alpinelinux.org/aports/commit/?id=9c2376cca71f3342159e374d66950adab7632f80