#VU2015 Improper input validation in OpenSSH - CVE-2016-10009
Published: December 19, 2016 / Updated: September 14, 2018
Vulnerability identifier: #VU2015
Vulnerability risk: Low
CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/U:Clear
CVE-ID: CVE-2016-10009
CWE-ID: CWE-20
Exploitation vector: Remote access
Exploit availability:
Public exploit is available
Vulnerable software:
OpenSSH
OpenSSH
Software vendor:
OpenSSH
OpenSSH
Description
The vulnerability allows a remote attacker to execute arbitrary code on vulnerable ssh client.
The vulnerability exists due to incorrect handling of data passed to PKCS#11 module within ssh-agent. A remote attacker with control over sshd service can execute arbitrary code on vulnerable client.
Successful exploitation of this vulnerability may allow a remote attacker to execute arbitrary code on vulnerable client system but requires that client is connected to malicious SSH server.
The vulnerability exists due to incorrect handling of data passed to PKCS#11 module within ssh-agent. A remote attacker with control over sshd service can execute arbitrary code on vulnerable client.
Successful exploitation of this vulnerability may allow a remote attacker to execute arbitrary code on vulnerable client system but requires that client is connected to malicious SSH server.
Remediation
Install the latest version of OpenSSH 7.4.