1076957 – (CVE-2016-10708) VUL-0: CVE-2016-10708: openssh: sshd in OpenSSH before 7.4 allows remote attackers to cause a denial of service(NULL pointer dereference and daemon crash) via an out-of-sequence NEWKEYSmessage, as demonstrated by Honggfuzz, related to kex

Bug 1076957 (CVE-2016-10708) - VUL-0: CVE-2016-10708: openssh: sshd in OpenSSH before 7.4 allows remote attackers to cause a denial of service(NULL pointer dereference and daemon crash) via an out-of-sequence NEWKEYSmessage, as demonstrated by Honggfuzz, related to kex

Summary: VUL-0: CVE-2016-10708: openssh: sshd in OpenSSH before 7.4 allows remote atta...

Status:	RESOLVED FIXED
Duplicates (1):	1106726 (view as bug list)

Alias:	CVE-2016-10708

Product:	SUSE Security Incidents
Classification:	Novell Products
Component:	Incidents (show other bugs)
Version:	unspecified
Hardware:	Other Other

Priority:	P3 - Medium Severity: Normal
Target Milestone:	---
Assignee:	Hans Petter Jansson
QA Contact:	Security Team bot

URL:	https://smash.suse.de/issue/198718/
Whiteboard:	CVSSv3:SUSE:CVE-2016-10708:5.3:(AV:N/...
Keywords:

Depends on:
Blocks:

Clone This Bug

Reported:	2018-01-22 07:08 UTC by Marcus Meissner
Modified:	2024-05-24 11:14 UTC (History)
CC List:	10 users (show)

See Also:
Found By:	Security Response Team
Services Priority:
Business Priority:
Blocker:	---
Marketing QA Status:	---
IT Deployment:	---

Attachments
SLE-11-SP3 patch (1.41 KB, patch) 2018-10-10 14:46 UTC, Pedro Monreal Gonzalez	Details \| Diff
SLE-11-SP1 patch (1.36 KB, patch) 2018-10-10 14:47 UTC, Pedro Monreal Gonzalez	Details \| Diff
SLE-10-SP3 patch (1.41 KB, patch) 2018-10-10 14:52 UTC, Pedro Monreal Gonzalez	Details \| Diff
View All Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Marcus Meissner 2018-01-22 07:08:01 UTC

CVE-2016-10708

sshd in OpenSSH before 7.4 allows remote attackers to cause a denial of service
(NULL pointer dereference and daemon crash) via an out-of-sequence NEWKEYS
message, as demonstrated by Honggfuzz, related to kex.c and packet.c.

References:
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-10708
http://www.cvedetails.com/cve/CVE-2016-10708/
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10708
https://www.openssh.com/releasenotes.html
https://anongit.mindrot.org/openssh.git/commit/?id=28652bca29046f62c7045e933e6b931de1d16737
http://blog.swiecki.net/2018/01/fuzzing-tcp-servers.html

Comment 6 Swamp Workflow Management 2018-07-19 13:10:33 UTC

SUSE-SU-2018:1989-1: An update that fixes one vulnerability is now available.

Category: security (moderate)
Bug References: 1076957
CVE References: CVE-2016-10708
Sources used:
SUSE Linux Enterprise Server 12-SP3 (src):    openssh-7.2p2-74.19.1, openssh-askpass-gnome-7.2p2-74.19.1
SUSE Linux Enterprise Desktop 12-SP3 (src):    openssh-7.2p2-74.19.1, openssh-askpass-gnome-7.2p2-74.19.1
SUSE CaaS Platform ALL (src):    openssh-7.2p2-74.19.1
OpenStack Cloud Magnum Orchestration 7 (src):    openssh-7.2p2-74.19.1

Comment 8 Swamp Workflow Management 2018-07-28 14:03:29 UTC

openSUSE-SU-2018:2128-1: An update that fixes one vulnerability is now available.

Category: security (moderate)
Bug References: 1076957
CVE References: CVE-2016-10708
Sources used:
openSUSE Leap 42.3 (src):    openssh-7.2p2-21.1, openssh-askpass-gnome-7.2p2-21.1

Comment 9 Swamp Workflow Management 2018-08-09 19:10:33 UTC

SUSE-SU-2018:2275-1: An update that solves four vulnerabilities and has three fixes is now available.

Category: security (moderate)
Bug References: 1016370,1017099,1023275,1053972,1065000,1069509,1076957
CVE References: CVE-2008-1483,CVE-2016-10012,CVE-2016-10708,CVE-2017-15906
Sources used:
SUSE Linux Enterprise Server 11-SP4 (src):    openssh-6.6p1-36.3.1, openssh-askpass-gnome-6.6p1-36.3.1
SUSE Linux Enterprise Debuginfo 11-SP4 (src):    openssh-6.6p1-36.3.1, openssh-askpass-gnome-6.6p1-36.3.1

Comment 10 Swamp Workflow Management 2018-08-27 13:12:08 UTC

SUSE-SU-2018:2530-1: An update that fixes one vulnerability is now available.

Category: security (moderate)
Bug References: 1076957
CVE References: CVE-2016-10708
Sources used:
SUSE OpenStack Cloud 7 (src):    openssh-7.2p2-74.25.1, openssh-askpass-gnome-7.2p2-74.25.1
SUSE Linux Enterprise Server for SAP 12-SP2 (src):    openssh-7.2p2-74.25.1, openssh-askpass-gnome-7.2p2-74.25.1
SUSE Linux Enterprise Server 12-SP2-LTSS (src):    openssh-7.2p2-74.25.1, openssh-askpass-gnome-7.2p2-74.25.1
SUSE Enterprise Storage 4 (src):    openssh-7.2p2-74.25.1, openssh-askpass-gnome-7.2p2-74.25.1
OpenStack Cloud Magnum Orchestration 7 (src):    openssh-7.2p2-74.25.1

Comment 13 Swamp Workflow Management 2018-09-11 13:09:34 UTC

SUSE-SU-2018:2685-1: An update that solves four vulnerabilities and has 5 fixes is now available.

Category: security (moderate)
Bug References: 1016370,1017099,1023275,1048367,1053972,1065000,1069509,1076957,1092582
CVE References: CVE-2008-1483,CVE-2016-10012,CVE-2016-10708,CVE-2017-15906
Sources used:
SUSE Linux Enterprise Server for SAP 12-SP1 (src):    openssh-6.6p1-54.15.2, openssh-askpass-gnome-6.6p1-54.15.1
SUSE Linux Enterprise Server 12-SP1-LTSS (src):    openssh-6.6p1-54.15.2, openssh-askpass-gnome-6.6p1-54.15.1
SUSE Linux Enterprise Server 12-LTSS (src):    openssh-6.6p1-54.15.2, openssh-askpass-gnome-6.6p1-54.15.1

Comment 14 Swamp Workflow Management 2018-09-14 19:09:50 UTC

SUSE-SU-2018:2719-1: An update that solves four vulnerabilities and has three fixes is now available.

Category: security (important)
Bug References: 1016370,1017099,1023275,1053972,1065000,1069509,1076957
CVE References: CVE-2008-1483,CVE-2016-10012,CVE-2016-10708,CVE-2017-15906
Sources used:
SUSE Linux Enterprise Server 11-SECURITY (src):    openssh-openssl1-6.6p1-19.3.1

Comment 17 Pedro Monreal Gonzalez 2018-10-10 14:46:40 UTC

Created attachment 785667 [details]
SLE-11-SP3 patch

Comment 18 Pedro Monreal Gonzalez 2018-10-10 14:47:32 UTC

Created attachment 785668 [details]
SLE-11-SP1 patch

Comment 19 Pedro Monreal Gonzalez 2018-10-10 14:52:50 UTC

Created attachment 785671 [details]
SLE-10-SP3 patch

Comment 20 Pedro Monreal Gonzalez 2018-10-10 15:39:51 UTC

We'll submit shortly.

Comment 21 Pedro Monreal Gonzalez 2018-10-10 15:42:16 UTC

*** Bug 1106726 has been marked as a duplicate of this bug. ***

Comment 22 Swamp Workflow Management 2018-10-18 17:55:19 UTC

SUSE-SU-2018:2530-2: An update that fixes one vulnerability is now available.

Category: security (moderate)
Bug References: 1076957
CVE References: CVE-2016-10708
Sources used:
SUSE Linux Enterprise Server 12-SP2-BCL (src):    openssh-7.2p2-74.25.1, openssh-askpass-gnome-7.2p2-74.25.1

Comment 26 Swamp Workflow Management 2018-10-29 11:09:13 UTC

SUSE-SU-2018:3540-1: An update that solves 5 vulnerabilities and has two fixes is now available.

Category: security (important)
Bug References: 1016370,1065000,1076957,1105010,1105180,1106163,1106726
CVE References: CVE-2016-10012,CVE-2016-10708,CVE-2017-15906,CVE-2018-15473,CVE-2018-15919
Sources used:
SUSE Linux Enterprise Server 11-SP3-LTSS (src):    openssh-6.2p2-0.41.5.1, openssh-askpass-gnome-6.2p2-0.41.5.1
SUSE Linux Enterprise Point of Sale 11-SP3 (src):    openssh-6.2p2-0.41.5.1, openssh-askpass-gnome-6.2p2-0.41.5.1
SUSE Linux Enterprise Debuginfo 11-SP3 (src):    openssh-6.2p2-0.41.5.1, openssh-askpass-gnome-6.2p2-0.41.5.1

Comment 32 Alexander Bergmann 2024-05-24 11:14:45 UTC

Released. Closing bug.