Improper input validation in OpenSSH - CVE-2016-10009
Published: December 19, 2016 / Updated: September 14, 2018
Vulnerability identifier: #VU2015
CSH Severity: Low
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/U:Clear
CVE-ID: CVE-2016-10009
CWE-ID: CWE-20
Exploitation vector: Remote access
Exploit availability: Public exploit is available
Vendor: OpenSSH
Affected software: OpenSSH
Detailed vulnerability description
The vulnerability allows a remote attacker to execute arbitrary code on a vulnerable SSH client.
The vulnerability exists due to incorrect handling of data passed to a PKCS#11 module within ssh-agent. A remote attacker with control over the sshd service can execute arbitrary code on a vulnerable client.
Successful exploitation of this vulnerability may allow a remote attacker to execute arbitrary code on the vulnerable client system, but requires that the client be connected to a malicious SSH server.
How to mitigate CVE-2016-10009
Install the latest version of OpenSSH 7.4.