CVE-2016-10012

Priority
Low
Description
The shared memory manager (associated with pre-authentication compression)
in sshd in OpenSSH before 7.4 does not ensure that a bounds check is
enforced by all compilers, which might allows local users to gain
privileges by leveraging access to a sandboxed privilege-separation
process, related to the m_zback and m_zlib data structures.
References
Bugs
Notes
 ratliff> Mitigating circumstances noted in the release notes:
 ratliff> This could potentially allow attacks against the
 ratliff> privileged monitor process from the sandboxed privilege-separation
 ratliff> process (a compromise of the latter would be required first).
 ratliff> also "pre-auth compression has been disabled by default in
 ratliff> sshd for >10 years."
Assigned-to
sbeattie
Package
Upstream:released (1:7.4p1-1)
Ubuntu 17.10 (Artful Aardvark):not-affected (1:7.4p1-1)
Ubuntu 12.04 ESM (Precise Pangolin):needed
Ubuntu 14.04 LTS (Trusty Tahr):needed
Ubuntu Core 15.04:needs-triage
Ubuntu 16.04 LTS (Xenial Xerus):needed
Ubuntu 17.04 (Zesty Zapus):not-affected (1:7.4p1-1)
Patches:
Upstream:https://github.com/openssh/openssh-portable/commit/0082fba4efdd492f765ed4c53f0d0fbd3bdbdf7f
Upstream:https://github.com/openssh/openssh-portable/commit/4577adead6a7d600c8e764619d99477a08192c8f
Upstream:https://github.com/openssh/openssh-portable/commit/b7689155f3f5c4999846c07a852b1c7a43b09cec
More Information

Updated: 2017-08-11 23:19:28 UTC (commit 13081)