wid-sec-w-2023-1996
Vulnerability from csaf_certbund
Published
2016-12-19 23:00
Modified
2024-05-07 22:00
Summary
OpenSSH: Mehrere Schwachstellen

Notes

Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.
Produktbeschreibung
OpenSSH ist eine Open Source Implementierung des Secure Shell Protokolls.
Angriff
Ein entfernter, authentisierter Angreifer kann mehrere Schwachstellen in OpenSSH ausnutzen, um beliebigen Programmcode mit den Rechten des Dienstes auszuführen, seine Privilegien zu erweitern oder einen Denial of Service Angriff durchzuführen.
Betroffene Betriebssysteme
- Linux - UNIX



{
  "document": {
    "aggregate_severity": {
      "text": "hoch"
    },
    "category": "csaf_base",
    "csaf_version": "2.0",
    "distribution": {
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "de-DE",
    "notes": [
      {
        "category": "legal_disclaimer",
        "text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen."
      },
      {
        "category": "description",
        "text": "OpenSSH ist eine Open Source Implementierung des Secure Shell Protokolls.",
        "title": "Produktbeschreibung"
      },
      {
        "category": "summary",
        "text": "Ein entfernter, authentisierter Angreifer kann mehrere Schwachstellen in OpenSSH ausnutzen, um beliebigen Programmcode mit den Rechten des Dienstes auszuf\u00fchren, seine Privilegien zu erweitern oder einen Denial of Service Angriff durchzuf\u00fchren.",
        "title": "Angriff"
      },
      {
        "category": "general",
        "text": "- Linux\n- UNIX",
        "title": "Betroffene Betriebssysteme"
      }
    ],
    "publisher": {
      "category": "other",
      "contact_details": "csaf-provider@cert-bund.de",
      "name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik",
      "namespace": "https://www.bsi.bund.de"
    },
    "references": [
      {
        "category": "self",
        "summary": "WID-SEC-W-2023-1996 - CSAF Version",
        "url": "https://wid.cert-bund.de/.well-known/csaf/white/2016/wid-sec-w-2023-1996.json"
      },
      {
        "category": "self",
        "summary": "WID-SEC-2023-1996 - Portal Version",
        "url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2023-1996"
      },
      {
        "category": "external",
        "summary": "OpenSSH 7.4 Release vom 2016-12-19",
        "url": "http://www.openssh.com/txt/release-7.4"
      },
      {
        "category": "external",
        "summary": "SecurityTracker Alert ID 1037490 vom 2016-12-19",
        "url": "http://www.securitytracker.com/id/1037490"
      },
      {
        "category": "external",
        "summary": "FreeBSD Security Advisory: FreeBSD-SA-17:01.openssh.asc",
        "url": "https://www.freebsd.org/security/advisories/FreeBSD-SA-17:01.openssh.asc"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2017:0264-1 vom 2017-01-24",
        "url": "https://www.suse.com/support/update/announcement/2017/suse-su-20170264-1.html"
      },
      {
        "category": "external",
        "summary": "F5 Security Advisory K64292204 vom 2017-01-24",
        "url": "https://support.f5.com/csp/article/K64292204"
      },
      {
        "category": "external",
        "summary": "F5 Security Advisory K31440025 vom 2017-01-24",
        "url": "https://support.f5.com/csp/article/K31440025"
      },
      {
        "category": "external",
        "summary": "F5 Security Advisory K62201745 vom 2017-01-27",
        "url": "https://support.f5.com/csp/article/K62201745"
      },
      {
        "category": "external",
        "summary": "IBM Security Advisory openssh_advisory10.asc",
        "url": "http://aix.software.ibm.com/aix/efixes/security/openssh_advisory10.asc"
      },
      {
        "category": "external",
        "summary": "The FreeBSD Project Security Advisory: FreeBSD-SA-17:01.openssh",
        "url": "https://www.freebsd.org/security/advisories/FreeBSD-SA-17:01.openssh.asc"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2017:0603-1 vom 2017-03-03",
        "url": "https://www.suse.com/support/update/announcement/2017/suse-su-20170603-1.html"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2017:0607-1 vom 2017-03-06",
        "url": "https://www.suse.com/support/update/announcement/2017/suse-su-20170607-1.html"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2017:0606-1 vom 2017-03-06",
        "url": "https://www.suse.com/support/update/announcement/2017/suse-su-20170606-1.html"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2017:1661-1 vom 2017-06-24",
        "url": "https://www.suse.com/support/update/announcement/2017/suse-su-20171661-1.html"
      },
      {
        "category": "external",
        "summary": "RedHat Security Advisory: RHSA-2017:2029",
        "url": "https://access.redhat.com/errata/RHSA-2017:2029"
      },
      {
        "category": "external",
        "summary": "Ubuntu Security Notice USN-3538-1 vom 2018-01-22",
        "url": "http://www.ubuntu.com/usn/usn-3538-1/"
      },
      {
        "category": "external",
        "summary": "McAfee Security Bulletin: SB10239",
        "url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10239"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2018:2275-1 vom 2018-08-10",
        "url": "https://www.suse.com/support/update/announcement/2018/suse-su-20182275-1.html"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2018:2685-1 vom 2018-09-11",
        "url": "https://www.suse.com/support/update/announcement/2018/suse-su-20182685-1.html"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2018:2719-1 vom 2018-09-15",
        "url": "https://www.suse.com/support/update/announcement/2018/suse-su-20182719-1.html"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2018:3540-1 vom 2018-10-29",
        "url": "https://www.suse.com/support/update/announcement/2018/suse-su-20183540-1.html"
      },
      {
        "category": "external",
        "summary": "Palo Alto Networks Security Advisory PAN-SA-2020-0005 vom 2020-05-13",
        "url": "https://security.paloaltonetworks.com/PAN-SA-2020-0005"
      },
      {
        "category": "external",
        "summary": "Juniper Security Advisory JSA11169 vom 2021-04-16",
        "url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA11169"
      },
      {
        "category": "external",
        "summary": "Amazon Linux Security Advisory ALAS-2023-2176 vom 2023-08-09",
        "url": "https://alas.aws.amazon.com/AL2/ALAS-2023-2176.html"
      },
      {
        "category": "external",
        "summary": "Amazon Linux Security Advisory ALAS-2023-1802 vom 2023-08-23",
        "url": "https://alas.aws.amazon.com/ALAS-2023-1802.html"
      },
      {
        "category": "external",
        "summary": "Dell Security Advisory DSA-2024-198 vom 2024-05-08",
        "url": "https://www.dell.com/support/kbdoc/000224827/dsa-2024-="
      }
    ],
    "source_lang": "en-US",
    "title": "OpenSSH: Mehrere Schwachstellen",
    "tracking": {
      "current_release_date": "2024-05-07T22:00:00.000+00:00",
      "generator": {
        "date": "2024-05-08T08:11:14.800+00:00",
        "engine": {
          "name": "BSI-WID",
          "version": "1.3.0"
        }
      },
      "id": "WID-SEC-W-2023-1996",
      "initial_release_date": "2016-12-19T23:00:00.000+00:00",
      "revision_history": [
        {
          "date": "2016-12-19T23:00:00.000+00:00",
          "number": "1",
          "summary": "Initial Release"
        },
        {
          "date": "2016-12-19T23:00:00.000+00:00",
          "number": "2",
          "summary": "Version nicht vorhanden"
        },
        {
          "date": "2016-12-19T23:00:00.000+00:00",
          "number": "3",
          "summary": "Version nicht vorhanden"
        },
        {
          "date": "2017-01-10T23:00:00.000+00:00",
          "number": "4",
          "summary": "New remediations available"
        },
        {
          "date": "2017-01-23T23:00:00.000+00:00",
          "number": "5",
          "summary": "New remediations available"
        },
        {
          "date": "2017-01-23T23:00:00.000+00:00",
          "number": "6",
          "summary": "New remediations available"
        },
        {
          "date": "2017-01-23T23:00:00.000+00:00",
          "number": "7",
          "summary": "Version nicht vorhanden"
        },
        {
          "date": "2017-01-29T23:00:00.000+00:00",
          "number": "8",
          "summary": "New remediations available"
        },
        {
          "date": "2017-02-20T23:00:00.000+00:00",
          "number": "9",
          "summary": "New remediations available"
        },
        {
          "date": "2017-02-20T23:00:00.000+00:00",
          "number": "10",
          "summary": "Version nicht vorhanden"
        },
        {
          "date": "2017-02-20T23:00:00.000+00:00",
          "number": "11",
          "summary": "Version nicht vorhanden"
        },
        {
          "date": "2017-02-22T23:00:00.000+00:00",
          "number": "12",
          "summary": "New remediations available"
        },
        {
          "date": "2017-03-05T23:00:00.000+00:00",
          "number": "13",
          "summary": "New remediations available"
        },
        {
          "date": "2017-03-06T23:00:00.000+00:00",
          "number": "14",
          "summary": "New remediations available"
        },
        {
          "date": "2017-03-06T23:00:00.000+00:00",
          "number": "15",
          "summary": "Version nicht vorhanden"
        },
        {
          "date": "2017-06-26T22:00:00.000+00:00",
          "number": "16",
          "summary": "New remediations available"
        },
        {
          "date": "2017-08-01T22:00:00.000+00:00",
          "number": "17",
          "summary": "New remediations available"
        },
        {
          "date": "2017-08-07T22:00:00.000+00:00",
          "number": "18",
          "summary": "Added references"
        },
        {
          "date": "2018-06-13T22:00:00.000+00:00",
          "number": "19",
          "summary": "New remediations available"
        },
        {
          "date": "2018-08-09T22:00:00.000+00:00",
          "number": "20",
          "summary": "New remediations available"
        },
        {
          "date": "2018-08-09T22:00:00.000+00:00",
          "number": "21",
          "summary": "Version nicht vorhanden"
        },
        {
          "date": "2018-08-09T22:00:00.000+00:00",
          "number": "22",
          "summary": "Version nicht vorhanden"
        },
        {
          "date": "2018-08-23T22:00:00.000+00:00",
          "number": "23",
          "summary": "Added references"
        },
        {
          "date": "2018-09-11T22:00:00.000+00:00",
          "number": "24",
          "summary": "Produkte erg\u00e4nzt"
        },
        {
          "date": "2018-09-11T22:00:00.000+00:00",
          "number": "25",
          "summary": "New remediations available"
        },
        {
          "date": "2018-09-16T22:00:00.000+00:00",
          "number": "26",
          "summary": "New remediations available"
        },
        {
          "date": "2018-10-29T23:00:00.000+00:00",
          "number": "27",
          "summary": "New remediations available"
        },
        {
          "date": "2020-05-13T22:00:00.000+00:00",
          "number": "28",
          "summary": "Neue Updates von Palo Alto Networks aufgenommen"
        },
        {
          "date": "2021-04-15T22:00:00.000+00:00",
          "number": "29",
          "summary": "Neue Updates von Juniper aufgenommen"
        },
        {
          "date": "2023-08-08T22:00:00.000+00:00",
          "number": "30",
          "summary": "Neue Updates von Amazon aufgenommen"
        },
        {
          "date": "2023-08-23T22:00:00.000+00:00",
          "number": "31",
          "summary": "Neue Updates von Amazon aufgenommen"
        },
        {
          "date": "2024-05-07T22:00:00.000+00:00",
          "number": "32",
          "summary": "Neue Updates von Dell aufgenommen"
        }
      ],
      "status": "final",
      "version": "32"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "category": "product_name",
            "name": "Amazon Linux 2",
            "product": {
              "name": "Amazon Linux 2",
              "product_id": "398363",
              "product_identification_helper": {
                "cpe": "cpe:/o:amazon:linux_2:-"
              }
            }
          }
        ],
        "category": "vendor",
        "name": "Amazon"
      },
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version",
                "name": "virtual",
                "product": {
                  "name": "Dell NetWorker virtual",
                  "product_id": "T034583",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:dell:networker:virtual"
                  }
                }
              }
            ],
            "category": "product_name",
            "name": "NetWorker"
          }
        ],
        "category": "vendor",
        "name": "Dell"
      },
      {
        "branches": [
          {
            "category": "product_name",
            "name": "EMC Avamar",
            "product": {
              "name": "EMC Avamar",
              "product_id": "T014381",
              "product_identification_helper": {
                "cpe": "cpe:/a:emc:avamar:-"
              }
            }
          }
        ],
        "category": "vendor",
        "name": "EMC"
      },
      {
        "branches": [
          {
            "category": "product_name",
            "name": "FreeBSD Project FreeBSD OS",
            "product": {
              "name": "FreeBSD Project FreeBSD OS",
              "product_id": "4035",
              "product_identification_helper": {
                "cpe": "cpe:/o:freebsd:freebsd:-"
              }
            }
          }
        ],
        "category": "vendor",
        "name": "FreeBSD Project"
      },
      {
        "branches": [
          {
            "category": "product_name",
            "name": "IBM AIX",
            "product": {
              "name": "IBM AIX",
              "product_id": "5094",
              "product_identification_helper": {
                "cpe": "cpe:/o:ibm:aix:-"
              }
            }
          },
          {
            "category": "product_name",
            "name": "IBM VIOS",
            "product": {
              "name": "IBM VIOS",
              "product_id": "T004571",
              "product_identification_helper": {
                "cpe": "cpe:/a:ibm:vios:-"
              }
            }
          }
        ],
        "category": "vendor",
        "name": "IBM"
      },
      {
        "branches": [
          {
            "category": "product_name",
            "name": "Juniper JUNOS",
            "product": {
              "name": "Juniper JUNOS",
              "product_id": "5930",
              "product_identification_helper": {
                "cpe": "cpe:/o:juniper:junos:-"
              }
            }
          }
        ],
        "category": "vendor",
        "name": "Juniper"
      },
      {
        "branches": [
          {
            "category": "product_name",
            "name": "NetApp Data ONTAP",
            "product": {
              "name": "NetApp Data ONTAP",
              "product_id": "7654",
              "product_identification_helper": {
                "cpe": "cpe:/a:netapp:data_ontap:-"
              }
            }
          }
        ],
        "category": "vendor",
        "name": "NetApp"
      },
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "\u003c7.4",
                "product": {
                  "name": "Open Source OpenSSH \u003c7.4",
                  "product_id": "8223",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:openbsd:openssh:-"
                  }
                }
              }
            ],
            "category": "product_name",
            "name": "OpenSSH"
          }
        ],
        "category": "vendor",
        "name": "Open Source"
      },
      {
        "branches": [
          {
            "category": "product_name",
            "name": "PaloAlto Networks PAN-OS",
            "product": {
              "name": "PaloAlto Networks PAN-OS",
              "product_id": "T012790",
              "product_identification_helper": {
                "cpe": "cpe:/o:paloaltonetworks:pan-os:-"
              }
            }
          }
        ],
        "category": "vendor",
        "name": "PaloAlto Networks"
      },
      {
        "branches": [
          {
            "category": "product_name",
            "name": "Red Hat Enterprise Linux",
            "product": {
              "name": "Red Hat Enterprise Linux",
              "product_id": "67646",
              "product_identification_helper": {
                "cpe": "cpe:/o:redhat:enterprise_linux:-"
              }
            }
          }
        ],
        "category": "vendor",
        "name": "Red Hat"
      },
      {
        "branches": [
          {
            "category": "product_name",
            "name": "SUSE Linux",
            "product": {
              "name": "SUSE Linux",
              "product_id": "T002207",
              "product_identification_helper": {
                "cpe": "cpe:/o:suse:suse_linux:-"
              }
            }
          }
        ],
        "category": "vendor",
        "name": "SUSE"
      },
      {
        "branches": [
          {
            "category": "product_name",
            "name": "Ubuntu Linux",
            "product": {
              "name": "Ubuntu Linux",
              "product_id": "T000126",
              "product_identification_helper": {
                "cpe": "cpe:/o:canonical:ubuntu_linux:-"
              }
            }
          }
        ],
        "category": "vendor",
        "name": "Ubuntu"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2016-10009",
      "notes": [
        {
          "category": "description",
          "text": "Es existiert eine Schwachstelle in OpenSSH in Verbindung mit dem ssh-agent(1). Diese Schwachstelle beruht darauf, dass \u00fcber den ssh-agent PKCS#11 Module von nicht vertrauensw\u00fcrdigen Pfaden geladen werden k\u00f6nnen. Ein Angreifer kann diese Schwachstelle ausnutzen, um \u00fcber einen weitergeleiteten Agent Channel malizi\u00f6se PKCS#11 Module zu laden. Da es sich bei PKCS#11 Module um geteilte Bibliotheken (Shared Libraries) handelt, ist in der Folge Codeausf\u00fchrung auf dem System, das den ssh-agent ausf\u00fchrt, m\u00f6glich."
        }
      ],
      "product_status": {
        "known_affected": [
          "T014381",
          "T002207",
          "67646",
          "4035",
          "T000126",
          "T034583",
          "398363",
          "5094",
          "T004571"
        ]
      },
      "release_date": "2016-12-19T23:00:00Z",
      "title": "CVE-2016-10009"
    },
    {
      "cve": "CVE-2016-10010",
      "notes": [
        {
          "category": "description",
          "text": "Es existiert eine Schwachstelle in OpenSSH im Zusammenhang mit sshd(8). Wenn \"Privilege Separation\" deaktiviert ist, dann k\u00f6nnen \u00fcber sshd(8) \"forwarded Unix-Domain Sockets\" mit root-Berechtigungen erzeugt werden, anstatt mit den Berechtigungen des authentisierten Benutzers. Somit ist ein Angreifer in der Lage seine Privilegien zu erh\u00f6hen."
        }
      ],
      "product_status": {
        "known_affected": [
          "T014381",
          "T002207",
          "4035",
          "T000126",
          "T034583",
          "398363"
        ]
      },
      "release_date": "2016-12-19T23:00:00Z",
      "title": "CVE-2016-10010"
    },
    {
      "cve": "CVE-2016-10011",
      "notes": [
        {
          "category": "description",
          "text": "Es existiert eine Schwachstelle in OpenSSH in Verbindung mit sshd(8). Diese Schwachstelle beruht auf einer fehlerhaften Berechtigungstrennung bei Child-Prozessen \u00fcber \"reallloc()\", wenn SSH Schl\u00fcssel gelesen werden. In der Folge kann ein Angreifer diese Schwachstelle ausnutzen, um Teile des Host Private Key offenzulegen."
        }
      ],
      "product_status": {
        "known_affected": [
          "T014381",
          "T002207",
          "67646",
          "T000126",
          "T034583",
          "398363"
        ]
      },
      "release_date": "2016-12-19T23:00:00Z",
      "title": "CVE-2016-10011"
    },
    {
      "cve": "CVE-2016-10012",
      "notes": [
        {
          "category": "description",
          "text": "Es existiert eine Schwachstelle in OpenSSH in Verbindung mit sshd(8). Die Schwachstelle basiert auf einer fehlerhaften Kontrolle der Puffergrenzen des \"Shared Memory Managers\". Ein Angreifer kann diese Schwachstelle ausnutzen, um seine Privilegien zu erh\u00f6hen."
        }
      ],
      "product_status": {
        "known_affected": [
          "T014381",
          "T002207",
          "67646",
          "T000126",
          "T034583",
          "398363"
        ]
      },
      "release_date": "2016-12-19T23:00:00Z",
      "title": "CVE-2016-10012"
    },
    {
      "notes": [
        {
          "category": "description",
          "text": "Es existiert eine Denial of Service Schwachstelle in OpenSSH im Zusammenhang mit sshd(8). Diese Schwachstelle besteht aufgrund fehlerhafter Verarbeitung von KEXINIT Nachrichten. In der Folge kann ein entfernter anonymer Angreifer diese Schwachstelle durch Senden von mehreren KEXINIT Nachrichten ausnutzen, um einen Denial of Service Zustand herbeizuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T014381",
          "T002207",
          "67646",
          "4035",
          "T000126",
          "7654",
          "T034583",
          "5930",
          "398363",
          "5094",
          "T004571",
          "T012790"
        ]
      },
      "release_date": "2016-12-20T23:00:00Z"
    },
    {
      "notes": [
        {
          "category": "description",
          "text": "Es existiert eine Schwachstelle in OpenSSH in Verbindung mit sshd(8). Diese Schwachstelle beruht darauf, dass Adressbereichen f\u00fcr \"AllowUser\" und \"DenyUsers\" Direktiven fehlerhaft validiert werden. In der Folge werden durch die Konfiguration ung\u00fcltiger CIDR Adressbereiche (z.B. benutzer@127.1.1.2/55) Zugriffe erlaubt bzw. erm\u00f6glicht, welche nicht beabsichtigt wurden."
        }
      ],
      "product_status": {
        "known_affected": [
          "T014381",
          "T002207",
          "T000126",
          "T034583",
          "398363"
        ]
      },
      "release_date": "2016-12-20T23:00:00Z"
    }
  ]
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.


Loading...

Loading...

Loading...
  • Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
  • Confirmed: The vulnerability is confirmed from an analyst perspective.
  • Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
  • Patched: This vulnerability was successfully patched by the user reporting the sighting.
  • Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
  • Not confirmed: The user expresses doubt about the veracity of the vulnerability.
  • Not patched: This vulnerability was not successfully patched by the user reporting the sighting.