OpenSSH ‘roaming_read’和‘roaming_write’函数拒绝服务漏洞

admin

0
文章

0
评论

2023-12-05 18:17:55 Ali_nvd 来源：ZONE.CI 全球网 0 阅读模式

低危 OpenSSH ‘roaming_read’和‘roaming_write’函数拒绝服务漏洞

CVE编号

CVE-2016-0778

利用情况

暂无

补丁情况

官方补丁

披露时间

2016-01-15

漏洞描述

OpenSSH是使用SSH通过计算机网络加密通信的实现。版本号在5.x, 6.x, 和7.1p2之前的7.x的OpenSSH会受到影响，该漏洞允许远程攻击者发起拒绝服务攻击。

解决建议

厂商已发布了漏洞修复程序，请及时关注更新（或目前厂商已经发布了升级补丁以修复这个安全问题，请到厂商的主页下载）：http://www.openssh.com/txt/release-7.1p2

参考链接
http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10734
http://lists.apple.com/archives/security-announce/2016/Mar/msg00004.html
http://lists.fedoraproject.org/pipermail/package-announce/2016-February/176516.html
http://lists.fedoraproject.org/pipermail/package-announce/2016-January/176349.html
http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00006.html
http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00007.html
http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00008.html
http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00009.html
http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00013.html
http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00014.html
http://packetstormsecurity.com/files/135273/Qualys-Security-Advisory-OpenSSH-...
http://seclists.org/fulldisclosure/2016/Jan/44
http://www.debian.org/security/2016/dsa-3446
http://www.openssh.com/txt/release-7.1p2
http://www.openwall.com/lists/oss-security/2016/01/14/7
http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html
http://www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.html
http://www.securityfocus.com/archive/1/537295/100/0/threaded
http://www.securityfocus.com/bid/80698
http://www.securitytracker.com/id/1034671
http://www.ubuntu.com/usn/USN-2869-1
https://blogs.sophos.com/2016/02/17/utm-up2date-9-354-released/
https://blogs.sophos.com/2016/02/29/utm-up2date-9-319-released/
https://bto.bluecoat.com/security-advisory/sa109
https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf
https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_n...
https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_n...
https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_n...
https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_n...
https://security.gentoo.org/glsa/201601-01
https://support.apple.com/HT206167

受影响软件情况

1
#	类型	厂商	产品	版本	影响面
	运行在以下环境
	应用	openbsd	openssh	5.4	-
	运行在以下环境
	应用	openbsd	openssh	5.5	-
	运行在以下环境
	应用	openbsd	openssh	5.6	-
	运行在以下环境
	应用	openbsd	openssh	5.7	-
	运行在以下环境
	应用	openbsd	openssh	5.8	-
	运行在以下环境
	应用	openbsd	openssh	5.9	-
	运行在以下环境
	应用	openbsd	openssh	6.0	-
	运行在以下环境
	应用	openbsd	openssh	6.1	-
	运行在以下环境
	应用	openbsd	openssh	6.2	-
	运行在以下环境
	应用	openbsd	openssh	6.3	-
	运行在以下环境
	应用	openbsd	openssh	6.4	-
	运行在以下环境
	应用	openbsd	openssh	6.5	-
	运行在以下环境
	应用	openbsd	openssh	6.6	-
	运行在以下环境
	应用	openbsd	openssh	6.7	-
	运行在以下环境
	应用	openbsd	openssh	6.8	-
	运行在以下环境
	应用	openbsd	openssh	6.9	-
	运行在以下环境
	应用	openbsd	openssh	7.0	-
	运行在以下环境
	应用	openbsd	openssh	7.1	-
	运行在以下环境
	应用	sophos	unified_threat_management_software	9.353	-
	运行在以下环境
	系统	amazon_AMI	openssh	*		Up to (excluding) 6.6.1p1-23.59.amzn1
	运行在以下环境
	系统	apple	mac_os_x	*	From (including) 10.10.0	Up to (including) 10.10.5
	运行在以下环境
	系统	apple	mac_os_x	*	From (including) 10.11.0	Up to (including) 10.11.3
	运行在以下环境
	系统	apple	mac_os_x	*	From (including) 10.9.0	Up to (including) 10.9.5
	运行在以下环境
	系统	centos_7	openssh	*		Up to (excluding) 6.6.1p1-23.el7_2
	运行在以下环境
	系统	debian	DPKG	*		Up to (excluding) 1:7.1p2-1
	运行在以下环境
	系统	debian_10	openssh	*		Up to (excluding) 1:7.1p2-1
	运行在以下环境
	系统	debian_11	openssh	*		Up to (excluding) 1:7.1p2-1
	运行在以下环境
	系统	debian_12	openssh	*		Up to (excluding) 1:7.1p2-1
	运行在以下环境
	系统	debian_6	openssh	*		Up to (excluding) 1:5.5p1-6+squeeze8
	运行在以下环境
	系统	debian_7	openssh	*		Up to (excluding) 1:6.0p1-4+deb7u3
	运行在以下环境
	系统	debian_8	openssh	*		Up to (excluding) 1:6.7p1-5+deb8u6
	运行在以下环境
系统	debian_sid	openssh	*		Up to (excluding) 1:7.1p2-1
运行在以下环境
系统	fedora_22	gsi-openssh	*		Up to (excluding) 6.9p1-7.fc22
运行在以下环境
系统	fedora_23	gsi-openssh	*		Up to (excluding) 7.1p2-1.fc23
运行在以下环境
系统	fedora_EPEL_7	gsi-openssh	*		Up to (excluding) 6.6.1p1-3.el7
运行在以下环境
系统	hp	virtual_customer_access_system	*		Up to (including) 15.07
运行在以下环境
系统	opensuse_11.4	openssh-askpass-debuginfo	*		Up to (excluding) 5.8p1-11.1
运行在以下环境
系统	opensuse_13.1	openssh-debuginfo-6.2p2	*		Up to (excluding) 3.7.1
运行在以下环境
系统	opensuse_13.2	openssh-helpers-debuginfo-6.6p1	*		Up to (excluding) 5.3.1
运行在以下环境
系统	opensuse_Leap_42.1	openssh-fips	*		Up to (excluding) 6.6p1-8.1
运行在以下环境
系统	oracle	linux	7	-
运行在以下环境
系统	oracle	solaris	11.3	-
运行在以下环境
系统	oracle_7	oraclelinux-release	*		Up to (excluding) 0.9.3-9.23.el7_2
运行在以下环境
系统	redhat_7	openssh	*		Up to (excluding) 6.6.1p1-23.el7_2
运行在以下环境
系统	suse_11_SP3	openssh-askpass-6.2p2	*		Up to (excluding) 0.24.1
运行在以下环境
系统	suse_11_SP4	openssh	*		Up to (excluding) 6.6p1-16.1
运行在以下环境
系统	suse_12	openssh	*		Up to (excluding) 6.6p1-33.1
运行在以下环境
系统	suse_12_SP1	openssh	*		Up to (excluding) 6.6p1-33.1
运行在以下环境
系统	ubuntu_12.04.5_lts	openssh	*		Up to (excluding) 1:5.9p1-5ubuntu1.8
运行在以下环境
系统	ubuntu_14.04	openssh	*		Up to (excluding) 1:6.6p1-2ubuntu2.4
运行在以下环境
系统	ubuntu_14.04.6_lts	openssh	*		Up to (excluding) 1:6.6p1-2ubuntu2.4