ID:630 - Exploit for Improper input validation in OpenSSH - CVE-2016-10009
Published: March 18, 2020
Vulnerability identifier: #VU2015
Vulnerability risk: Low
CVE-ID: CVE-2016-10009
CWE-ID: CWE-20
Exploitation vector: Remote access
Vulnerable software:
OpenSSH
Vulnerability description
The vulnerability allows a remote attacker to execute arbitrary code on a vulnerable SSH client.
The vulnerability exists due to incorrect handling of data passed to a PKCS#11 module within ssh-agent. A remote attacker with control over the sshd service can execute arbitrary code on a vulnerable client.
Successful exploitation of this vulnerability may allow a remote attacker to execute arbitrary code on the vulnerable client system, but requires that the client is connected to a malicious SSH server.
Remediation
Install the latest version of OpenSSH 7.4.