CVE-2016-10012

Priority
Description
The shared memory manager (associated with pre-authentication compression)
in sshd in OpenSSH before 7.4 does not ensure that a bounds check is
enforced by all compilers, which might allows local users to gain
privileges by leveraging access to a sandboxed privilege-separation
process, related to the m_zback and m_zlib data structures.
Notes
 ratliff> Mitigating circumstances noted in the release notes:
 ratliff> This could potentially allow attacks against the
 ratliff> privileged monitor process from the sandboxed privilege-separation
 ratliff> process (a compromise of the latter would be required first).
 ratliff> also "pre-auth compression has been disabled by default in
 ratliff> sshd for >10 years."
Assigned-to
mdeslaur
More Information

Updated: 2019-01-14 21:18:21 UTC (commit 51f9b73af244ba86b9321e46e526586c25a8e060)