PublicDateAtUSN: 2017-01-04 Candidate: CVE-2016-10009 PublicDate: 2017-01-05 02:59:00 UTC References: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10009 https://www.openssh.com/txt/release-7.4 http://www.openwall.com/lists/oss-security/2016/12/19/2 https://ubuntu.com/security/notices/USN-3538-1 Description: Untrusted search path vulnerability in ssh-agent.c in ssh-agent in OpenSSH before 7.4 allows remote attackers to execute arbitrary local PKCS#11 modules by leveraging control over a forwarded agent-socket. Ubuntu-Description: Notes: Bugs: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=848714 Priority: low Discovered-by: Jann Horn Assigned-to: mdeslaur CVSS: nvd: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L [7.3 HIGH] Patches_openssh: upstream: https://github.com/openssh/openssh-portable/commit/786d5994da79151180cb14a6cf157ebbba61c0cc upstream: https://github.com/openssh/openssh-portable/commit/25f837646be8c2017c914d34be71ca435dfc0e07 upstream: https://github.com/openssh/openssh-portable/commit/b108ce92aae0ca0376dce9513d953be60e449ae1 upstream: https://github.com/openssh/openssh-portable/commit/1a321bfdb91defe3c4d9cca5651724ae167e5436 upstream_openssh: released (1:7.4p1-1) precise_openssh: ignored (reached end-of-life) precise/esm_openssh: ignored (end of ESM support, was needed) trusty_openssh: released (1:6.6p1-2ubuntu2.10) trusty/esm_openssh: released (1:6.6p1-2ubuntu2.10) vivid/stable-phone-overlay_openssh: ignored (reached end-of-life) vivid/ubuntu-core_openssh: ignored (reached end-of-life) xenial_openssh: released (1:7.2p2-4ubuntu2.4) esm-infra/xenial_openssh: released (1:7.2p2-4ubuntu2.4) yakkety_openssh: ignored (reached end-of-life) zesty_openssh: not-affected (1:7.4p1-1) artful_openssh: not-affected (1:7.4p1-1) bionic_openssh: not-affected (1:7.4p1-1) cosmic_openssh: not-affected (1:7.4p1-1) disco_openssh: not-affected (1:7.4p1-1) eoan_openssh: not-affected (1:7.4p1-1) focal_openssh: not-affected (1:7.4p1-1) groovy_openssh: not-affected (1:7.4p1-1) hirsute_openssh: not-affected (1:7.4p1-1) devel_openssh: not-affected (1:7.4p1-1)