Candidate: CVE-2016-1235
PublicDate: 2016-04-11 15:59:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1235
 https://raw.githubusercontent.com/oar-team/oar/ce77ffed620fdce94881c9b35064507777c24a1c/debian/patches/004-fix-oarsh-security-issue
Description:
 The oarsh script in OAR before 2.5.7 allows remote authenticated users of a
 cluster to obtain sensitive information and possibly gain privileges via
 vectors related to OpenSSH options.
Ubuntu-Description:
 It was discovered that OAR incorrectly handled OpenSSH options. An
 attacker could possibly use this issue to obtain sensitive information
 or gain privileges.
Notes:
Bugs:
 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=819952
Priority: medium
Discovered-by:
Assigned-to:
CVSS:
 nvd: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H [8.8 HIGH]

Patches_oar:
upstream_oar: released (2.5.7-1)
precise_oar: DNE
precise/esm_oar: DNE
trusty_oar: ignored (reached end-of-life)
trusty/esm_oar: DNE (trusty was needed)
vivid/stable-phone-overlay_oar: DNE
vivid/ubuntu-core_oar: DNE
wily_oar: released (2.5.4-2+deb8u1build0.15.10.1)
xenial_oar: ignored (end of standard support, was needed)
yakkety_oar: ignored (reached end-of-life)
zesty_oar: ignored (reached end-of-life)
artful_oar: ignored (reached end-of-life)
bionic_oar: not-affected (2.5.7-1)
cosmic_oar: not-affected (2.5.7-1)
disco_oar: not-affected (2.5.7-1)
eoan_oar: not-affected (2.5.7-1)
focal_oar: not-affected (2.5.7-1)
groovy_oar: not-affected (2.5.7-1)
hirsute_oar: not-affected (2.5.7-1)
impish_oar: not-affected (2.5.7-1)
jammy_oar: not-affected (2.5.7-1)
devel_oar: not-affected (2.5.7-1)