OpenSSH Multiple Vulnerabilities


Jun 28, 2023

Summary

OpenSSH before version 7.4 is affected by multiple vulnerabilities that may allow an attacker to execute arbitrary code, obtain elevated privileges, or obtain key secure information. Buffalo has resolved these with an 'in-version' patch on the TS6000 series (firmware 5.12 or later) and the TS5010 / TS3020 / TS3010 series (firmware 4.56 or later). Most scanners can only look at the base version, so this may still show up as a false positive on many of them.

Vulnerability ID Vulnerability Overview
CVE-2016-10009 A flaw exists in ssh-agent due to loading PKCS#11 modules from paths that are outside a trusted whitelist. A local attacker can exploit this, by using a crafted request to load hostile modules via agent forwarding, to execute arbitrary code. To exploit this vulnerability, the attacker would need to control the forwarded agent-socket (on the host running the sshd server) and the ability to write to the file system of the host running ssh-agent.
CVE-2016-10011 An information disclosure vulnerability exists in sshd within the realloc() function due to leakage of key material to privilege-separated child processes when reading keys. A local attacker can possibly exploit this to disclose sensitive key material. Note that no such leak has been observed in practice for normal-sized keys, nor does a leak to the child processes directly expose key material to unprivileged users.
CVE-2016-10012 A flaw exists in sshd within the shared memory manager used by pre-authenticating compression support due to a bounds check being elided by some optimizing compilers and due to the memory manager being incorrectly accessible when pre-authenticating compression is disabled. A local attacker can exploit this to gain elevated privileges.
CVE-2016-10708 sshd in OpenSSH before 7.4 allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via an out-of-sequence NEWKEYS message, as demonstrated by Honggfuzz, related to kex.c and packet.c.

Affected Supported TeraStations

TS6000
TS5010
TS3020 / TS3010
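
Because a scanner that reads only the OpenSSH base version cannot see the in-version patch, the finding has to be triaged against the firmware version given in the Summary. The following is an added example, not Buffalo's code: the function names and inventory rows are constructed, the inventory is assumed to record the series name directly, and firmware versions are assumed to be dotted numeric components.

```python
import re

# Fixed firmware per series, taken from the Summary of this notice.
FIXED_FIRMWARE = {
    "TS6000": (5, 12),
    "TS5010": (4, 56),
    "TS3020": (4, 56),
    "TS3010": (4, 56),
}

def parse_version(text):
    """'5.12' -> (5, 12). Assumption: dotted numeric components, so 5.9 < 5.12."""
    text = text.strip()
    if not re.fullmatch(r"\d+(\.\d+)*", text):
        raise ValueError(f"unparseable firmware version: {text!r}")
    return tuple(int(part) for part in text.split("."))

def triage(series, firmware):
    """Classify a scanner's 'OpenSSH < 7.4' finding for one TeraStation."""
    fixed = FIXED_FIRMWARE.get(series.strip().upper())
    if fixed is None:
        return "not-covered"        # this notice says nothing about the series
    try:
        have = parse_version(firmware)
    except ValueError:
        return "verify-manually"    # never clear a finding on a bad version
    width = max(len(have), len(fixed))
    have += (0,) * (width - len(have))      # pad so 4.56 == 4.56.0
    fixed += (0,) * (width - len(fixed))
    return "false-positive" if have >= fixed else "update-firmware"

# Constructed inventory rows: (host label, series, reported firmware).
INVENTORY = [
    ("nas-a", "TS6000", "5.12"),
    ("nas-b", "TS6000", "5.9"),
    ("nas-c", "TS5010", "4.56.1"),
    ("nas-d", "TS3010", "4.10"),
    ("nas-e", "TS3020", "unknown"),
]

def report(inventory):
    return [(host, triage(series, fw)) for host, series, fw in inventory]

if __name__ == "__main__":
    for host, verdict in report(INVENTORY):
        print(f"{host}: {verdict}")
```

Comparing the versions as floats or strings would rank 5.9 above 5.12 and clear a finding on a unit that, under the dotted-component assumption, is still unpatched.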

Date Description
6/28/2023 Initial release