Bug 1016366 (CVE-2016-10009)

Summary: VUL-0: CVE-2016-10009: openssh: limit pkcs11 module loading
Product: [Novell Products] SUSE Security Incidents Reporter: Marcus Meissner <meissner>
Component: IncidentsAssignee: Petr Cerny <pcerny>
Status: RESOLVED FIXED QA Contact: Security Team bot <security-team>
Severity: Normal    
Priority: P3 - Medium CC: astieger, xuanke.han, ydfan
Version: unspecified   
Target Milestone: ---   
Hardware: Other   
OS: Other   
Whiteboard: CVSSv2:SUSE:CVE-2016-10009:4.6:(AV:N/AC:H/Au:S/C:P/I:P/A:P) maint:released:oes11-sp2:63407 maint:released:oes2015:63408
Found By: --- Services Priority:
Business Priority: Blocker: ---
Marketing QA Status: --- IT Deployment: ---
Bug Depends on:    
Bug Blocks: 1016336    
Attachments: CVE-2016-10009.patch

Description Marcus Meissner 2016-12-19 16:24:46 UTC
+++ This bug was initially created as a clone of Bug #1016336 +++

this is a tracker bug, sub-security bugs will be split off when they get assigned CVEs.

https://www.openssh.com/txt/release-7.4

> ssh-agent(1): Will now refuse to load PKCS#11 modules from paths
> outside a trusted whitelist
> ...
> code execution on the system running the ssh-agent if the
> attacker has control of the forwarded agent-socket (on the host
> running the sshd server) and the ability to write to the filesystem
> of the host running ssh-agent

Use CVE-2016-10009.
Comment 1 Marcus Meissner 2016-12-19 17:20:46 UTC
Created attachment 707081 [details]
CVE-2016-10009.patch

extract fix from git mirror
Comment 2 Swamp Workflow Management 2016-12-19 23:00:31 UTC
bugbot adjusting priority
Comment 5 Marcus Meissner 2017-01-05 16:29:35 UTC
bin/addnote CVE-2016-10009 "The option of pkcs11 module handling was added in the openssh 6.x series. Older versions of openssh (like 5.1) are not affected."
Comment 7 Swamp Workflow Management 2017-01-23 16:12:56 UTC
SUSE-SU-2017:0264-1: An update that solves 5 vulnerabilities and has two fixes is now available.

Category: security (moderate)
Bug References: 1005480,1005893,1006221,1016366,1016368,1016369,1016370
CVE References: CVE-2016-10009,CVE-2016-10010,CVE-2016-10011,CVE-2016-10012,CVE-2016-8858
Sources used:
SUSE Linux Enterprise Server for Raspberry Pi 12-SP2 (src):    openssh-7.2p2-66.1, openssh-askpass-gnome-7.2p2-66.3
SUSE Linux Enterprise Server 12-SP2 (src):    openssh-7.2p2-66.1, openssh-askpass-gnome-7.2p2-66.3
SUSE Linux Enterprise Desktop 12-SP2 (src):    openssh-7.2p2-66.1, openssh-askpass-gnome-7.2p2-66.3
Comment 8 Swamp Workflow Management 2017-01-31 18:09:19 UTC
openSUSE-SU-2017:0344-1: An update that solves 5 vulnerabilities and has three fixes is now available.

Category: security (moderate)
Bug References: 1005480,1005893,1006221,1016366,1016368,1016369,1016370,1021626
CVE References: CVE-2016-10009,CVE-2016-10010,CVE-2016-10011,CVE-2016-10012,CVE-2016-8858
Sources used:
openSUSE Leap 42.2 (src):    openssh-7.2p2-9.1, openssh-askpass-gnome-7.2p2-9.1
Comment 10 Swamp Workflow Management 2017-03-03 20:11:07 UTC
SUSE-SU-2017:0603-1: An update that solves three vulnerabilities and has two fixes is now available.

Category: security (moderate)
Bug References: 1005480,1005893,1006221,1016366,1016369
CVE References: CVE-2016-10009,CVE-2016-10011,CVE-2016-8858
Sources used:
SUSE Linux Enterprise Server 11-SP4 (src):    openssh-6.6p1-35.1, openssh-askpass-gnome-6.6p1-35.4
SUSE Linux Enterprise Debuginfo 11-SP4 (src):    openssh-6.6p1-35.1, openssh-askpass-gnome-6.6p1-35.4
Comment 11 Swamp Workflow Management 2017-03-06 11:09:08 UTC
SUSE-SU-2017:0606-1: An update that solves three vulnerabilities and has one errata is now available.

Category: security (moderate)
Bug References: 1005480,1005893,1016366,1016369
CVE References: CVE-2016-10009,CVE-2016-10011,CVE-2016-8858
Sources used:
SUSE OpenStack Cloud 5 (src):    openssh-6.2p2-0.40.1, openssh-askpass-gnome-6.2p2-0.40.3
SUSE Manager Proxy 2.1 (src):    openssh-6.2p2-0.40.1, openssh-askpass-gnome-6.2p2-0.40.3
SUSE Manager 2.1 (src):    openssh-6.2p2-0.40.1, openssh-askpass-gnome-6.2p2-0.40.3
SUSE Linux Enterprise Server 11-SP3-LTSS (src):    openssh-6.2p2-0.40.1, openssh-askpass-gnome-6.2p2-0.40.3
SUSE Linux Enterprise Point of Sale 11-SP3 (src):    openssh-6.2p2-0.40.1, openssh-askpass-gnome-6.2p2-0.40.3
SUSE Linux Enterprise Debuginfo 11-SP3 (src):    openssh-6.2p2-0.40.1, openssh-askpass-gnome-6.2p2-0.40.3
Comment 12 Swamp Workflow Management 2017-03-06 14:08:26 UTC
SUSE-SU-2017:0607-1: An update that solves three vulnerabilities and has two fixes is now available.

Category: security (moderate)
Bug References: 1005480,1005893,1006221,1016366,1016369
CVE References: CVE-2016-10009,CVE-2016-10011,CVE-2016-8858
Sources used:
SUSE Linux Enterprise Server 12-SP1 (src):    openssh-6.6p1-54.7.1, openssh-askpass-gnome-6.6p1-54.7.1
Comment 13 Swamp Workflow Management 2017-03-09 08:09:07 UTC
SUSE-SU-2017:0607-2: An update that solves three vulnerabilities and has two fixes is now available.

Category: security (moderate)
Bug References: 1005480,1005893,1006221,1016366,1016369
CVE References: CVE-2016-10009,CVE-2016-10011,CVE-2016-8858
Sources used:
SUSE Linux Enterprise Server for SAP 12 (src):    openssh-6.6p1-54.7.1, openssh-askpass-gnome-6.6p1-54.7.1
SUSE Linux Enterprise Server 12-SP1 (src):    openssh-6.6p1-54.7.1, openssh-askpass-gnome-6.6p1-54.7.1
SUSE Linux Enterprise Desktop 12-SP1 (src):    openssh-6.6p1-54.7.1, openssh-askpass-gnome-6.6p1-54.7.1
Comment 14 Swamp Workflow Management 2017-03-09 11:09:35 UTC
SUSE-SU-2017:0607-3: An update that solves three vulnerabilities and has two fixes is now available.

Category: security (moderate)
Bug References: 1005480,1005893,1006221,1016366,1016369
CVE References: CVE-2016-10009,CVE-2016-10011,CVE-2016-8858
Sources used:
SUSE Linux Enterprise Server 12-LTSS (src):    openssh-6.6p1-54.7.1, openssh-askpass-gnome-6.6p1-54.7.1
Comment 15 Swamp Workflow Management 2017-03-13 14:23:19 UTC
openSUSE-SU-2017:0674-1: An update that solves three vulnerabilities and has two fixes is now available.

Category: security (moderate)
Bug References: 1005480,1005893,1006221,1016366,1016369
CVE References: CVE-2016-10009,CVE-2016-10011,CVE-2016-8858
Sources used:
openSUSE Leap 42.1 (src):    openssh-6.6p1-17.1, openssh-askpass-gnome-6.6p1-17.1
Comment 17 Swamp Workflow Management 2017-06-23 13:12:16 UTC
SUSE-SU-2017:1661-1: An update that solves three vulnerabilities and has two fixes is now available.

Category: security (moderate)
Bug References: 1005480,1005893,1006221,1016366,1016369
CVE References: CVE-2016-10009,CVE-2016-10011,CVE-2016-8858
Sources used:
SUSE Linux Enterprise Server 11-SECURITY (src):    openssh-openssl1-6.6p1-18.1
Comment 18 Marcus Meissner 2017-06-26 06:46:44 UTC
released