Bug 1016366 - (CVE-2016-10009) VUL-0: CVE-2016-10009: openssh: limit pkcs11 module loading
(CVE-2016-10009)
VUL-0: CVE-2016-10009: openssh: limit pkcs11 module loading
Status: RESOLVED FIXED
Classification: Novell Products
Product: SUSE Security Incidents
Classification: Novell Products
Component: Incidents
unspecified
Other Other
: P3 - Medium : Normal
: ---
Assigned To: Petr Cerny
Security Team bot
CVSSv2:SUSE:CVE-2016-10009:4.6:(AV:N...
:
Depends on:
Blocks: 1016336
  Show dependency treegraph
 
Reported: 2016-12-19 16:24 UTC by Marcus Meissner
Modified: 2020-10-21 09:18 UTC (History)
3 users (show)

See Also:
Found By: ---
Services Priority:
Business Priority:
Blocker: ---
Marketing QA Status: ---
IT Deployment: ---


Attachments
CVE-2016-10009.patch (5.56 KB, patch)
2016-12-19 17:20 UTC, Marcus Meissner
Details | Diff

Note You need to log in before you can comment on or make changes to this bug.
Description Marcus Meissner 2016-12-19 16:24:46 UTC
+++ This bug was initially created as a clone of Bug #1016336 +++

this is a tracker bug, sub-security bugs will be split off when they get assigned CVEs.

https://www.openssh.com/txt/release-7.4

> ssh-agent(1): Will now refuse to load PKCS#11 modules from paths
> outside a trusted whitelist
> ...
> code execution on the system running the ssh-agent if the
> attacker has control of the forwarded agent-socket (on the host
> running the sshd server) and the ability to write to the filesystem
> of the host running ssh-agent

Use CVE-2016-10009.
Comment 1 Marcus Meissner 2016-12-19 17:20:46 UTC
Created attachment 707081 [details]
CVE-2016-10009.patch

extract fix from git mirror
Comment 2 Swamp Workflow Management 2016-12-19 23:00:31 UTC
bugbot adjusting priority
Comment 5 Marcus Meissner 2017-01-05 16:29:35 UTC
bin/addnote CVE-2016-10009 "The option of pkcs11 module handling was added in the openssh 6.x series. Older versions of openssh (like 5.1) are not affected."
Comment 7 Swamp Workflow Management 2017-01-23 16:12:56 UTC
SUSE-SU-2017:0264-1: An update that solves 5 vulnerabilities and has two fixes is now available.

Category: security (moderate)
Bug References: 1005480,1005893,1006221,1016366,1016368,1016369,1016370
CVE References: CVE-2016-10009,CVE-2016-10010,CVE-2016-10011,CVE-2016-10012,CVE-2016-8858
Sources used:
SUSE Linux Enterprise Server for Raspberry Pi 12-SP2 (src):    openssh-7.2p2-66.1, openssh-askpass-gnome-7.2p2-66.3
SUSE Linux Enterprise Server 12-SP2 (src):    openssh-7.2p2-66.1, openssh-askpass-gnome-7.2p2-66.3
SUSE Linux Enterprise Desktop 12-SP2 (src):    openssh-7.2p2-66.1, openssh-askpass-gnome-7.2p2-66.3
Comment 8 Swamp Workflow Management 2017-01-31 18:09:19 UTC
openSUSE-SU-2017:0344-1: An update that solves 5 vulnerabilities and has three fixes is now available.

Category: security (moderate)
Bug References: 1005480,1005893,1006221,1016366,1016368,1016369,1016370,1021626
CVE References: CVE-2016-10009,CVE-2016-10010,CVE-2016-10011,CVE-2016-10012,CVE-2016-8858
Sources used:
openSUSE Leap 42.2 (src):    openssh-7.2p2-9.1, openssh-askpass-gnome-7.2p2-9.1
Comment 10 Swamp Workflow Management 2017-03-03 20:11:07 UTC
SUSE-SU-2017:0603-1: An update that solves three vulnerabilities and has two fixes is now available.

Category: security (moderate)
Bug References: 1005480,1005893,1006221,1016366,1016369
CVE References: CVE-2016-10009,CVE-2016-10011,CVE-2016-8858
Sources used:
SUSE Linux Enterprise Server 11-SP4 (src):    openssh-6.6p1-35.1, openssh-askpass-gnome-6.6p1-35.4
SUSE Linux Enterprise Debuginfo 11-SP4 (src):    openssh-6.6p1-35.1, openssh-askpass-gnome-6.6p1-35.4
Comment 11 Swamp Workflow Management 2017-03-06 11:09:08 UTC
SUSE-SU-2017:0606-1: An update that solves three vulnerabilities and has one errata is now available.

Category: security (moderate)
Bug References: 1005480,1005893,1016366,1016369
CVE References: CVE-2016-10009,CVE-2016-10011,CVE-2016-8858
Sources used:
SUSE OpenStack Cloud 5 (src):    openssh-6.2p2-0.40.1, openssh-askpass-gnome-6.2p2-0.40.3
SUSE Manager Proxy 2.1 (src):    openssh-6.2p2-0.40.1, openssh-askpass-gnome-6.2p2-0.40.3
SUSE Manager 2.1 (src):    openssh-6.2p2-0.40.1, openssh-askpass-gnome-6.2p2-0.40.3
SUSE Linux Enterprise Server 11-SP3-LTSS (src):    openssh-6.2p2-0.40.1, openssh-askpass-gnome-6.2p2-0.40.3
SUSE Linux Enterprise Point of Sale 11-SP3 (src):    openssh-6.2p2-0.40.1, openssh-askpass-gnome-6.2p2-0.40.3
SUSE Linux Enterprise Debuginfo 11-SP3 (src):    openssh-6.2p2-0.40.1, openssh-askpass-gnome-6.2p2-0.40.3
Comment 12 Swamp Workflow Management 2017-03-06 14:08:26 UTC
SUSE-SU-2017:0607-1: An update that solves three vulnerabilities and has two fixes is now available.

Category: security (moderate)
Bug References: 1005480,1005893,1006221,1016366,1016369
CVE References: CVE-2016-10009,CVE-2016-10011,CVE-2016-8858
Sources used:
SUSE Linux Enterprise Server 12-SP1 (src):    openssh-6.6p1-54.7.1, openssh-askpass-gnome-6.6p1-54.7.1
Comment 13 Swamp Workflow Management 2017-03-09 08:09:07 UTC
SUSE-SU-2017:0607-2: An update that solves three vulnerabilities and has two fixes is now available.

Category: security (moderate)
Bug References: 1005480,1005893,1006221,1016366,1016369
CVE References: CVE-2016-10009,CVE-2016-10011,CVE-2016-8858
Sources used:
SUSE Linux Enterprise Server for SAP 12 (src):    openssh-6.6p1-54.7.1, openssh-askpass-gnome-6.6p1-54.7.1
SUSE Linux Enterprise Server 12-SP1 (src):    openssh-6.6p1-54.7.1, openssh-askpass-gnome-6.6p1-54.7.1
SUSE Linux Enterprise Desktop 12-SP1 (src):    openssh-6.6p1-54.7.1, openssh-askpass-gnome-6.6p1-54.7.1
Comment 14 Swamp Workflow Management 2017-03-09 11:09:35 UTC
SUSE-SU-2017:0607-3: An update that solves three vulnerabilities and has two fixes is now available.

Category: security (moderate)
Bug References: 1005480,1005893,1006221,1016366,1016369
CVE References: CVE-2016-10009,CVE-2016-10011,CVE-2016-8858
Sources used:
SUSE Linux Enterprise Server 12-LTSS (src):    openssh-6.6p1-54.7.1, openssh-askpass-gnome-6.6p1-54.7.1
Comment 15 Swamp Workflow Management 2017-03-13 14:23:19 UTC
openSUSE-SU-2017:0674-1: An update that solves three vulnerabilities and has two fixes is now available.

Category: security (moderate)
Bug References: 1005480,1005893,1006221,1016366,1016369
CVE References: CVE-2016-10009,CVE-2016-10011,CVE-2016-8858
Sources used:
openSUSE Leap 42.1 (src):    openssh-6.6p1-17.1, openssh-askpass-gnome-6.6p1-17.1
Comment 17 Swamp Workflow Management 2017-06-23 13:12:16 UTC
SUSE-SU-2017:1661-1: An update that solves three vulnerabilities and has two fixes is now available.

Category: security (moderate)
Bug References: 1005480,1005893,1006221,1016366,1016369
CVE References: CVE-2016-10009,CVE-2016-10011,CVE-2016-8858
Sources used:
SUSE Linux Enterprise Server 11-SECURITY (src):    openssh-openssl1-6.6p1-18.1
Comment 18 Marcus Meissner 2017-06-26 06:46:44 UTC
released