Bug 1076957 - (CVE-2016-10708) VUL-0: CVE-2016-10708: openssh: sshd in OpenSSH before 7.4 allows remote attackers to cause a denial of service(NULL pointer dereference and daemon crash) via an out-of-sequence NEWKEYSmessage, as demonstrated by Honggfuzz, related to kex
(CVE-2016-10708)
VUL-0: CVE-2016-10708: openssh: sshd in OpenSSH before 7.4 allows remote atta...
Status: NEW
: 1106726 (view as bug list)
Classification: Novell Products
Product: SUSE Security Incidents
Classification: Novell Products
Component: Incidents
unspecified
Other Other
: P3 - Medium : Normal
: ---
Assigned To: Hans Petter Jansson
Security Team bot
https://smash.suse.de/issue/198718/
CVSSv3:SUSE:CVE-2016-10708:5.3:(AV:N/...
:
Depends on:
Blocks:
  Show dependency treegraph
 
Reported: 2018-01-22 07:08 UTC by Marcus Meissner
Modified: 2020-06-22 12:41 UTC (History)
9 users (show)

See Also:
Found By: Security Response Team
Services Priority:
Business Priority:
Blocker: ---
Marketing QA Status: ---
IT Deployment: ---


Attachments
SLE-11-SP3 patch (1.41 KB, patch)
2018-10-10 14:46 UTC, Pedro Monreal Gonzalez
Details | Diff
SLE-11-SP1 patch (1.36 KB, patch)
2018-10-10 14:47 UTC, Pedro Monreal Gonzalez
Details | Diff
SLE-10-SP3 patch (1.41 KB, patch)
2018-10-10 14:52 UTC, Pedro Monreal Gonzalez
Details | Diff

Note You need to log in before you can comment on or make changes to this bug.
Description Marcus Meissner 2018-01-22 07:08:01 UTC
CVE-2016-10708

sshd in OpenSSH before 7.4 allows remote attackers to cause a denial of service
(NULL pointer dereference and daemon crash) via an out-of-sequence NEWKEYS
message, as demonstrated by Honggfuzz, related to kex.c and packet.c.

References:
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-10708
http://www.cvedetails.com/cve/CVE-2016-10708/
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10708
https://www.openssh.com/releasenotes.html
https://anongit.mindrot.org/openssh.git/commit/?id=28652bca29046f62c7045e933e6b931de1d16737
http://blog.swiecki.net/2018/01/fuzzing-tcp-servers.html
Comment 6 Swamp Workflow Management 2018-07-19 13:10:33 UTC
SUSE-SU-2018:1989-1: An update that fixes one vulnerability is now available.

Category: security (moderate)
Bug References: 1076957
CVE References: CVE-2016-10708
Sources used:
SUSE Linux Enterprise Server 12-SP3 (src):    openssh-7.2p2-74.19.1, openssh-askpass-gnome-7.2p2-74.19.1
SUSE Linux Enterprise Desktop 12-SP3 (src):    openssh-7.2p2-74.19.1, openssh-askpass-gnome-7.2p2-74.19.1
SUSE CaaS Platform ALL (src):    openssh-7.2p2-74.19.1
OpenStack Cloud Magnum Orchestration 7 (src):    openssh-7.2p2-74.19.1
Comment 8 Swamp Workflow Management 2018-07-28 14:03:29 UTC
openSUSE-SU-2018:2128-1: An update that fixes one vulnerability is now available.

Category: security (moderate)
Bug References: 1076957
CVE References: CVE-2016-10708
Sources used:
openSUSE Leap 42.3 (src):    openssh-7.2p2-21.1, openssh-askpass-gnome-7.2p2-21.1
Comment 9 Swamp Workflow Management 2018-08-09 19:10:33 UTC
SUSE-SU-2018:2275-1: An update that solves four vulnerabilities and has three fixes is now available.

Category: security (moderate)
Bug References: 1016370,1017099,1023275,1053972,1065000,1069509,1076957
CVE References: CVE-2008-1483,CVE-2016-10012,CVE-2016-10708,CVE-2017-15906
Sources used:
SUSE Linux Enterprise Server 11-SP4 (src):    openssh-6.6p1-36.3.1, openssh-askpass-gnome-6.6p1-36.3.1
SUSE Linux Enterprise Debuginfo 11-SP4 (src):    openssh-6.6p1-36.3.1, openssh-askpass-gnome-6.6p1-36.3.1
Comment 10 Swamp Workflow Management 2018-08-27 13:12:08 UTC
SUSE-SU-2018:2530-1: An update that fixes one vulnerability is now available.

Category: security (moderate)
Bug References: 1076957
CVE References: CVE-2016-10708
Sources used:
SUSE OpenStack Cloud 7 (src):    openssh-7.2p2-74.25.1, openssh-askpass-gnome-7.2p2-74.25.1
SUSE Linux Enterprise Server for SAP 12-SP2 (src):    openssh-7.2p2-74.25.1, openssh-askpass-gnome-7.2p2-74.25.1
SUSE Linux Enterprise Server 12-SP2-LTSS (src):    openssh-7.2p2-74.25.1, openssh-askpass-gnome-7.2p2-74.25.1
SUSE Enterprise Storage 4 (src):    openssh-7.2p2-74.25.1, openssh-askpass-gnome-7.2p2-74.25.1
OpenStack Cloud Magnum Orchestration 7 (src):    openssh-7.2p2-74.25.1
Comment 13 Swamp Workflow Management 2018-09-11 13:09:34 UTC
SUSE-SU-2018:2685-1: An update that solves four vulnerabilities and has 5 fixes is now available.

Category: security (moderate)
Bug References: 1016370,1017099,1023275,1048367,1053972,1065000,1069509,1076957,1092582
CVE References: CVE-2008-1483,CVE-2016-10012,CVE-2016-10708,CVE-2017-15906
Sources used:
SUSE Linux Enterprise Server for SAP 12-SP1 (src):    openssh-6.6p1-54.15.2, openssh-askpass-gnome-6.6p1-54.15.1
SUSE Linux Enterprise Server 12-SP1-LTSS (src):    openssh-6.6p1-54.15.2, openssh-askpass-gnome-6.6p1-54.15.1
SUSE Linux Enterprise Server 12-LTSS (src):    openssh-6.6p1-54.15.2, openssh-askpass-gnome-6.6p1-54.15.1
Comment 14 Swamp Workflow Management 2018-09-14 19:09:50 UTC
SUSE-SU-2018:2719-1: An update that solves four vulnerabilities and has three fixes is now available.

Category: security (important)
Bug References: 1016370,1017099,1023275,1053972,1065000,1069509,1076957
CVE References: CVE-2008-1483,CVE-2016-10012,CVE-2016-10708,CVE-2017-15906
Sources used:
SUSE Linux Enterprise Server 11-SECURITY (src):    openssh-openssl1-6.6p1-19.3.1
Comment 17 Pedro Monreal Gonzalez 2018-10-10 14:46:40 UTC
Created attachment 785667 [details]
SLE-11-SP3 patch
Comment 18 Pedro Monreal Gonzalez 2018-10-10 14:47:32 UTC
Created attachment 785668 [details]
SLE-11-SP1 patch
Comment 19 Pedro Monreal Gonzalez 2018-10-10 14:52:50 UTC
Created attachment 785671 [details]
SLE-10-SP3 patch
Comment 20 Pedro Monreal Gonzalez 2018-10-10 15:39:51 UTC
We'll submit shortly.
Comment 21 Pedro Monreal Gonzalez 2018-10-10 15:42:16 UTC
*** Bug 1106726 has been marked as a duplicate of this bug. ***
Comment 22 Swamp Workflow Management 2018-10-18 17:55:19 UTC
SUSE-SU-2018:2530-2: An update that fixes one vulnerability is now available.

Category: security (moderate)
Bug References: 1076957
CVE References: CVE-2016-10708
Sources used:
SUSE Linux Enterprise Server 12-SP2-BCL (src):    openssh-7.2p2-74.25.1, openssh-askpass-gnome-7.2p2-74.25.1
Comment 26 Swamp Workflow Management 2018-10-29 11:09:13 UTC
SUSE-SU-2018:3540-1: An update that solves 5 vulnerabilities and has two fixes is now available.

Category: security (important)
Bug References: 1016370,1065000,1076957,1105010,1105180,1106163,1106726
CVE References: CVE-2016-10012,CVE-2016-10708,CVE-2017-15906,CVE-2018-15473,CVE-2018-15919
Sources used:
SUSE Linux Enterprise Server 11-SP3-LTSS (src):    openssh-6.2p2-0.41.5.1, openssh-askpass-gnome-6.2p2-0.41.5.1
SUSE Linux Enterprise Point of Sale 11-SP3 (src):    openssh-6.2p2-0.41.5.1, openssh-askpass-gnome-6.2p2-0.41.5.1
SUSE Linux Enterprise Debuginfo 11-SP3 (src):    openssh-6.2p2-0.41.5.1, openssh-askpass-gnome-6.2p2-0.41.5.1