Launchpad.net

Launchpad Home
Code
Bugs
Blueprints
Translations
Answers

CVE 2016-10708

sshd in OpenSSH before 7.4 allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via an out-of-sequence NEWKEYS message, as demonstrated by Honggfuzz, related to kex.c and packet.c.

Related bugs and status

CVE-2016-10708 (Candidate) is related to these bugs:

Bug #1794629: CVE-2018-15473 - User enumeration vulnerability

		In	Importance	Status
1794629	CVE-2018-15473 - User enumeration vulnerability	openssh (Ubuntu)	Low	Fix Released
1794629	CVE-2018-15473 - User enumeration vulnerability	openssh (Ubuntu Bionic)	Undecided	Fix Released
1794629	CVE-2018-15473 - User enumeration vulnerability	openssh (Ubuntu Trusty)	Undecided	Fix Released
1794629	CVE-2018-15473 - User enumeration vulnerability	openssh (Ubuntu Cosmic)	Undecided	Fix Released
1794629	CVE-2018-15473 - User enumeration vulnerability	openssh (Ubuntu Xenial)	Undecided	Fix Released

See the

CVE page on Mitre.org for more details.

References

MISC: http://blog.swiecki.ne...
MISC: https://anongit.mindro...
MISC: https://www.openssh.co...
BID: 102780
MLIST: [debian-lts-announce] ...
CONFIRM: https://security.netap...
MLIST: [debian-lts-announce] ...
UBUNTU: USN-3809-1
CONFIRM: https://kc.mcafee.com/...
CONFIRM: https://support.f5.com...
CONFIRM: https://cert-portal.si...