CVE-2016-10009 - Untrusted search path vulnerability in ssh-agent.c in ssh-agent in OpenSSH before 7.4 allows remote

CVE-2016-10009

Summary

Untrusted search path vulnerability in ssh-agent.c in ssh-agent in OpenSSH before 7.4 allows remote attackers to execute arbitrary local PKCS#11 modules by leveraging control over a forwarded agent-socket.

References

Vulnerable Configurations

cpe:2.3:a:openbsd:openssh:-:*:*:*:*:*:*:*
cpe:2.3:a:openbsd:openssh:-:*:*:*:*:*:*:*
cpe:2.3:a:openbsd:openssh:1.2:*:*:*:*:*:*:*
cpe:2.3:a:openbsd:openssh:1.2:*:*:*:*:*:*:*
cpe:2.3:a:openbsd:openssh:1.2.1:*:*:*:*:*:*:*
cpe:2.3:a:openbsd:openssh:1.2.1:*:*:*:*:*:*:*
cpe:2.3:a:openbsd:openssh:1.2.2:*:*:*:*:*:*:*
cpe:2.3:a:openbsd:openssh:1.2.2:*:*:*:*:*:*:*
cpe:2.3:a:openbsd:openssh:1.2.2:-:*:*:*:*:*:*
cpe:2.3:a:openbsd:openssh:1.2.2:-:*:*:*:*:*:*
cpe:2.3:a:openbsd:openssh:1.2.2:p1:*:*:*:*:*:*
cpe:2.3:a:openbsd:openssh:1.2.2:p1:*:*:*:*:*:*
cpe:2.3:a:openbsd:openssh:1.2.3:*:*:*:*:*:*:*
cpe:2.3:a:openbsd:openssh:1.2.3:*:*:*:*:*:*:*
cpe:2.3:a:openbsd:openssh:1.2.3:-:*:*:*:*:*:*
cpe:2.3:a:openbsd:openssh:1.2.3:-:*:*:*:*:*:*
cpe:2.3:a:openbsd:openssh:1.2.3:p1:*:*:*:*:*:*
cpe:2.3:a:openbsd:openssh:1.2.3:p1:*:*:*:*:*:*
cpe:2.3:a:openbsd:openssh:1.2.27:*:*:*:*:*:*:*
cpe:2.3:a:openbsd:openssh:1.2.27:*:*:*:*:*:*:*
cpe:2.3:a:openbsd:openssh:1.3:*:*:*:*:*:*:*
cpe:2.3:a:openbsd:openssh:1.3:*:*:*:*:*:*:*
cpe:2.3:a:openbsd:openssh:1.5:*:*:*:*:*:*:*
cpe:2.3:a:openbsd:openssh:1.5:*:*:*:*:*:*:*
cpe:2.3:a:openbsd:openssh:1.5.7:*:*:*:*:*:*:*
cpe:2.3:a:openbsd:openssh:1.5.7:*:*:*:*:*:*:*
cpe:2.3:a:openbsd:openssh:1.5.8:*:*:*:*:*:*:*
cpe:2.3:a:openbsd:openssh:1.5.8:*:*:*:*:*:*:*
cpe:2.3:a:openbsd:openssh:2:*:*:*:*:*:*:*
cpe:2.3:a:openbsd:openssh:2:*:*:*:*:*:*:*
cpe:2.3:a:openbsd:openssh:2.1:*:*:*:*:*:*:*
cpe:2.3:a:openbsd:openssh:2.1:*:*:*:*:*:*:*
cpe:2.3:a:openbsd:openssh:2.1.0:-:*:*:*:*:*:*
cpe:2.3:a:openbsd:openssh:2.1.0:-:*:*:*:*:*:*
cpe:2.3:a:openbsd:openssh:2.1.0:p1:*:*:*:*:*:*
cpe:2.3:a:openbsd:openssh:2.1.0:p1:*:*:*:*:*:*
cpe:2.3:a:openbsd:openssh:2.1.1:*:*:*:*:*:*:*
cpe:2.3:a:openbsd:openssh:2.1.1:*:*:*:*:*:*:*
cpe:2.3:a:openbsd:openssh:2.1.1:-:*:*:*:*:*:*
cpe:2.3:a:openbsd:openssh:2.1.1:-:*:*:*:*:*:*
cpe:2.3:a:openbsd:openssh:2.1.1:p1:*:*:*:*:*:*
cpe:2.3:a:openbsd:openssh:2.1.1:p1:*:*:*:*:*:*
cpe:2.3:a:openbsd:openssh:2.1.1:p2:*:*:*:*:*:*
cpe:2.3:a:openbsd:openssh:2.1.1:p2:*:*:*:*:*:*
cpe:2.3:a:openbsd:openssh:2.1.1:p3:*:*:*:*:*:*
cpe:2.3:a:openbsd:openssh:2.1.1:p3:*:*:*:*:*:*
cpe:2.3:a:openbsd:openssh:2.1.1:p4:*:*:*:*:*:*
cpe:2.3:a:openbsd:openssh:2.1.1:p4:*:*:*:*:*:*
cpe:2.3:a:openbsd:openssh:2.2:*:*:*:*:*:*:*
cpe:2.3:a:openbsd:openssh:2.2:*:*:*:*:*:*:*
cpe:2.3:a:openbsd:openssh:2.2.0:-:*:*:*:*:*:*
cpe:2.3:a:openbsd:openssh:2.2.0:-:*:*:*:*:*:*
cpe:2.3:a:openbsd:openssh:2.2.0:p1:*:*:*:*:*:*
cpe:2.3:a:openbsd:openssh:2.2.0:p1:*:*:*:*:*:*
cpe:2.3:a:openbsd:openssh:2.3:*:*:*:*:*:*:*
cpe:2.3:a:openbsd:openssh:2.3:*:*:*:*:*:*:*
cpe:2.3:a:openbsd:openssh:2.3.0:-:*:*:*:*:*:*
cpe:2.3:a:openbsd:openssh:2.3.0:-:*:*:*:*:*:*
cpe:2.3:a:openbsd:openssh:2.3.0:p1:*:*:*:*:*:*
cpe:2.3:a:openbsd:openssh:2.3.0:p1:*:*:*:*:*:*
cpe:2.3:a:openbsd:openssh:2.3.1:*:*:*:*:*:*:*
cpe:2.3:a:openbsd:openssh:2.3.1:*:*:*:*:*:*:*
cpe:2.3:a:openbsd:openssh:2.5:*:*:*:*:*:*:*
cpe:2.3:a:openbsd:openssh:2.5:*:*:*:*:*:*:*
cpe:2.3:a:openbsd:openssh:2.5.1:*:*:*:*:*:*:*
cpe:2.3:a:openbsd:openssh:2.5.1:*:*:*:*:*:*:*
cpe:2.3:a:openbsd:openssh:2.5.1:-:*:*:*:*:*:*
cpe:2.3:a:openbsd:openssh:2.5.1:-:*:*:*:*:*:*
cpe:2.3:a:openbsd:openssh:2.5.1:p1:*:*:*:*:*:*
cpe:2.3:a:openbsd:openssh:2.5.1:p1:*:*:*:*:*:*
cpe:2.3:a:openbsd:openssh:2.5.1:p2:*:*:*:*:*:*
cpe:2.3:a:openbsd:openssh:2.5.1:p2:*:*:*:*:*:*
cpe:2.3:a:openbsd:openssh:2.5.2:*:*:*:*:*:*:*
cpe:2.3:a:openbsd:openssh:2.5.2:*:*:*:*:*:*:*
cpe:2.3:a:openbsd:openssh:2.5.2:-:*:*:*:*:*:*
cpe:2.3:a:openbsd:openssh:2.5.2:-:*:*:*:*:*:*
cpe:2.3:a:openbsd:openssh:2.5.2:p2:*:*:*:*:*:*
cpe:2.3:a:openbsd:openssh:2.5.2:p2:*:*:*:*:*:*
cpe:2.3:a:openbsd:openssh:2.9:*:*:*:*:*:*:*
cpe:2.3:a:openbsd:openssh:2.9:*:*:*:*:*:*:*
cpe:2.3:a:openbsd:openssh:2.9:-:*:*:*:*:*:*
cpe:2.3:a:openbsd:openssh:2.9:-:*:*:*:*:*:*
cpe:2.3:a:openbsd:openssh:2.9:p1:*:*:*:*:*:*
cpe:2.3:a:openbsd:openssh:2.9:p1:*:*:*:*:*:*
cpe:2.3:a:openbsd:openssh:2.9:p2:*:*:*:*:*:*
cpe:2.3:a:openbsd:openssh:2.9:p2:*:*:*:*:*:*
cpe:2.3:a:openbsd:openssh:2.9.9:*:*:*:*:*:*:*
cpe:2.3:a:openbsd:openssh:2.9.9:*:*:*:*:*:*:*
cpe:2.3:a:openbsd:openssh:2.9.9:-:*:*:*:*:*:*
cpe:2.3:a:openbsd:openssh:2.9.9:-:*:*:*:*:*:*
cpe:2.3:a:openbsd:openssh:2.9.9:p1:*:*:*:*:*:*
cpe:2.3:a:openbsd:openssh:2.9.9:p1:*:*:*:*:*:*
cpe:2.3:a:openbsd:openssh:2.9.9:p2:*:*:*:*:*:*
cpe:2.3:a:openbsd:openssh:2.9.9:p2:*:*:*:*:*:*
cpe:2.3:a:openbsd:openssh:2.9.9p2:*:*:*:*:*:*:*
cpe:2.3:a:openbsd:openssh:2.9.9p2:*:*:*:*:*:*:*
cpe:2.3:a:openbsd:openssh:2.9p1:*:*:*:*:*:*:*
cpe:2.3:a:openbsd:openssh:2.9p1:*:*:*:*:*:*:*
cpe:2.3:a:openbsd:openssh:2.9p2:*:*:*:*:*:*:*
cpe:2.3:a:openbsd:openssh:2.9p2:*:*:*:*:*:*:*
cpe:2.3:a:openbsd:openssh:3.0:*:*:*:*:*:*:*
cpe:2.3:a:openbsd:openssh:3.0:*:*:*:*:*:*:*
cpe:2.3:a:openbsd:openssh:3.0:-:*:*:*:*:*:*
cpe:2.3:a:openbsd:openssh:3.0:-:*:*:*:*:*:*
cpe:2.3:a:openbsd:openssh:3.0:p1:*:*:*:*:*:*
cpe:2.3:a:openbsd:openssh:3.0:p1:*:*:*:*:*:*
cpe:2.3:a:openbsd:openssh:3.0.1:*:*:*:*:*:*:*
cpe:2.3:a:openbsd:openssh:3.0.1:*:*:*:*:*:*:*
cpe:2.3:a:openbsd:openssh:3.0.1:-:*:*:*:*:*:*
cpe:2.3:a:openbsd:openssh:3.0.1:-:*:*:*:*:*:*
cpe:2.3:a:openbsd:openssh:3.0.1:p1:*:*:*:*:*:*
cpe:2.3:a:openbsd:openssh:3.0.1:p1:*:*:*:*:*:*
cpe:2.3:a:openbsd:openssh:3.0.1p1:*:*:*:*:*:*:*
cpe:2.3:a:openbsd:openssh:3.0.1p1:*:*:*:*:*:*:*
cpe:2.3:a:openbsd:openssh:3.0.2:*:*:*:*:*:*:*
cpe:2.3:a:openbsd:openssh:3.0.2:*:*:*:*:*:*:*
cpe:2.3:a:openbsd:openssh:3.0.2:-:*:*:*:*:*:*
cpe:2.3:a:openbsd:openssh:3.0.2:-:*:*:*:*:*:*
cpe:2.3:a:openbsd:openssh:3.0.2:p1:*:*:*:*:*:*
cpe:2.3:a:openbsd:openssh:3.0.2:p1:*:*:*:*:*:*
cpe:2.3:a:openbsd:openssh:3.0.2p1:*:*:*:*:*:*:*
cpe:2.3:a:openbsd:openssh:3.0.2p1:*:*:*:*:*:*:*
cpe:2.3:a:openbsd:openssh:3.0p1:*:*:*:*:*:*:*
cpe:2.3:a:openbsd:openssh:3.0p1:*:*:*:*:*:*:*
cpe:2.3:a:openbsd:openssh:3.1:*:*:*:*:*:*:*
cpe:2.3:a:openbsd:openssh:3.1:*:*:*:*:*:*:*
cpe:2.3:a:openbsd:openssh:3.1:-:*:*:*:*:*:*
cpe:2.3:a:openbsd:openssh:3.1:-:*:*:*:*:*:*
cpe:2.3:a:openbsd:openssh:3.1:p1:*:*:*:*:*:*
cpe:2.3:a:openbsd:openssh:3.1:p1:*:*:*:*:*:*
cpe:2.3:a:openbsd:openssh:3.1p1:*:*:*:*:*:*:*
cpe:2.3:a:openbsd:openssh:3.1p1:*:*:*:*:*:*:*
cpe:2.3:a:openbsd:openssh:3.2:*:*:*:*:*:*:*
cpe:2.3:a:openbsd:openssh:3.2:*:*:*:*:*:*:*
cpe:2.3:a:openbsd:openssh:3.2.2:*:*:*:*:*:*:*
cpe:2.3:a:openbsd:openssh:3.2.2:*:*:*:*:*:*:*
cpe:2.3:a:openbsd:openssh:3.2.2:-:*:*:*:*:*:*
cpe:2.3:a:openbsd:openssh:3.2.2:-:*:*:*:*:*:*
cpe:2.3:a:openbsd:openssh:3.2.2:p1:*:*:*:*:*:*
cpe:2.3:a:openbsd:openssh:3.2.2:p1:*:*:*:*:*:*
cpe:2.3:a:openbsd:openssh:3.2.2p1:*:*:*:*:*:*:*
cpe:2.3:a:openbsd:openssh:3.2.2p1:*:*:*:*:*:*:*
cpe:2.3:a:openbsd:openssh:3.2.3:-:*:*:*:*:*:*
cpe:2.3:a:openbsd:openssh:3.2.3:-:*:*:*:*:*:*
cpe:2.3:a:openbsd:openssh:3.2.3:p1:*:*:*:*:*:*
cpe:2.3:a:openbsd:openssh:3.2.3:p1:*:*:*:*:*:*
cpe:2.3:a:openbsd:openssh:3.2.3p1:*:*:*:*:*:*:*
cpe:2.3:a:openbsd:openssh:3.2.3p1:*:*:*:*:*:*:*
cpe:2.3:a:openbsd:openssh:3.3:*:*:*:*:*:*:*
cpe:2.3:a:openbsd:openssh:3.3:*:*:*:*:*:*:*
cpe:2.3:a:openbsd:openssh:3.3:-:*:*:*:*:*:*
cpe:2.3:a:openbsd:openssh:3.3:-:*:*:*:*:*:*
cpe:2.3:a:openbsd:openssh:3.3:p1:*:*:*:*:*:*
cpe:2.3:a:openbsd:openssh:3.3:p1:*:*:*:*:*:*
cpe:2.3:a:openbsd:openssh:3.3p1:*:*:*:*:*:*:*
cpe:2.3:a:openbsd:openssh:3.3p1:*:*:*:*:*:*:*
cpe:2.3:a:openbsd:openssh:3.4:*:*:*:*:*:*:*
cpe:2.3:a:openbsd:openssh:3.4:*:*:*:*:*:*:*
cpe:2.3:a:openbsd:openssh:3.4:-:*:*:*:*:*:*
cpe:2.3:a:openbsd:openssh:3.4:-:*:*:*:*:*:*
cpe:2.3:a:openbsd:openssh:3.4:p1:*:*:*:*:*:*
cpe:2.3:a:openbsd:openssh:3.4:p1:*:*:*:*:*:*
cpe:2.3:a:openbsd:openssh:3.4p1:*:*:*:*:*:*:*
cpe:2.3:a:openbsd:openssh:3.4p1:*:*:*:*:*:*:*
cpe:2.3:a:openbsd:openssh:3.5:*:*:*:*:*:*:*
cpe:2.3:a:openbsd:openssh:3.5:*:*:*:*:*:*:*
cpe:2.3:a:openbsd:openssh:3.5:-:*:*:*:*:*:*
cpe:2.3:a:openbsd:openssh:3.5:-:*:*:*:*:*:*
cpe:2.3:a:openbsd:openssh:3.5:p1:*:*:*:*:*:*
cpe:2.3:a:openbsd:openssh:3.5:p1:*:*:*:*:*:*
cpe:2.3:a:openbsd:openssh:3.5p1:*:*:*:*:*:*:*
cpe:2.3:a:openbsd:openssh:3.5p1:*:*:*:*:*:*:*
cpe:2.3:a:openbsd:openssh:3.6:*:*:*:*:*:*:*
cpe:2.3:a:openbsd:openssh:3.6:*:*:*:*:*:*:*
cpe:2.3:a:openbsd:openssh:3.6:-:*:*:*:*:*:*
cpe:2.3:a:openbsd:openssh:3.6:-:*:*:*:*:*:*
cpe:2.3:a:openbsd:openssh:3.6:p1:*:*:*:*:*:*
cpe:2.3:a:openbsd:openssh:3.6:p1:*:*:*:*:*:*
cpe:2.3:a:openbsd:openssh:3.6.1:*:*:*:*:*:*:*
cpe:2.3:a:openbsd:openssh:3.6.1:*:*:*:*:*:*:*
cpe:2.3:a:openbsd:openssh:3.6.1:-:*:*:*:*:*:*
cpe:2.3:a:openbsd:openssh:3.6.1:-:*:*:*:*:*:*
cpe:2.3:a:openbsd:openssh:3.6.1:p1:*:*:*:*:*:*
cpe:2.3:a:openbsd:openssh:3.6.1:p1:*:*:*:*:*:*
cpe:2.3:a:openbsd:openssh:3.6.1:p2:*:*:*:*:*:*
cpe:2.3:a:openbsd:openssh:3.6.1:p2:*:*:*:*:*:*
cpe:2.3:a:openbsd:openssh:3.6.1p1:*:*:*:*:*:*:*
cpe:2.3:a:openbsd:openssh:3.6.1p1:*:*:*:*:*:*:*
cpe:2.3:a:openbsd:openssh:3.6.1p2:*:*:*:*:*:*:*
cpe:2.3:a:openbsd:openssh:3.6.1p2:*:*:*:*:*:*:*
cpe:2.3:a:openbsd:openssh:3.7:*:*:*:*:*:*:*
cpe:2.3:a:openbsd:openssh:3.7:*:*:*:*:*:*:*
cpe:2.3:a:openbsd:openssh:3.7.1:*:*:*:*:*:*:*
cpe:2.3:a:openbsd:openssh:3.7.1:*:*:*:*:*:*:*
cpe:2.3:a:openbsd:openssh:3.7.1:-:*:*:*:*:*:*
cpe:2.3:a:openbsd:openssh:3.7.1:-:*:*:*:*:*:*
cpe:2.3:a:openbsd:openssh:3.7.1:p1:*:*:*:*:*:*
cpe:2.3:a:openbsd:openssh:3.7.1:p1:*:*:*:*:*:*
cpe:2.3:a:openbsd:openssh:3.7.1:p2:*:*:*:*:*:*
cpe:2.3:a:openbsd:openssh:3.7.1:p2:*:*:*:*:*:*
cpe:2.3:a:openbsd:openssh:3.7.1p1:*:*:*:*:*:*:*
cpe:2.3:a:openbsd:openssh:3.7.1p1:*:*:*:*:*:*:*
cpe:2.3:a:openbsd:openssh:3.7.1p2:*:*:*:*:*:*:*
cpe:2.3:a:openbsd:openssh:3.7.1p2:*:*:*:*:*:*:*
cpe:2.3:a:openbsd:openssh:3.8:*:*:*:*:*:*:*
cpe:2.3:a:openbsd:openssh:3.8:*:*:*:*:*:*:*
cpe:2.3:a:openbsd:openssh:3.8:-:*:*:*:*:*:*
cpe:2.3:a:openbsd:openssh:3.8:-:*:*:*:*:*:*
cpe:2.3:a:openbsd:openssh:3.8:p1:*:*:*:*:*:*
cpe:2.3:a:openbsd:openssh:3.8:p1:*:*:*:*:*:*
cpe:2.3:a:openbsd:openssh:3.8.1:*:*:*:*:*:*:*
cpe:2.3:a:openbsd:openssh:3.8.1:*:*:*:*:*:*:*
cpe:2.3:a:openbsd:openssh:3.8.1:-:*:*:*:*:*:*
cpe:2.3:a:openbsd:openssh:3.8.1:-:*:*:*:*:*:*
cpe:2.3:a:openbsd:openssh:3.8.1:p1:*:*:*:*:*:*
cpe:2.3:a:openbsd:openssh:3.8.1:p1:*:*:*:*:*:*
cpe:2.3:a:openbsd:openssh:3.8.1p1:*:*:*:*:*:*:*
cpe:2.3:a:openbsd:openssh:3.8.1p1:*:*:*:*:*:*:*
cpe:2.3:a:openbsd:openssh:3.9:*:*:*:*:*:*:*
cpe:2.3:a:openbsd:openssh:3.9:*:*:*:*:*:*:*
cpe:2.3:a:openbsd:openssh:3.9:-:*:*:*:*:*:*
cpe:2.3:a:openbsd:openssh:3.9:-:*:*:*:*:*:*
cpe:2.3:a:openbsd:openssh:3.9:p1:*:*:*:*:*:*
cpe:2.3:a:openbsd:openssh:3.9:p1:*:*:*:*:*:*
cpe:2.3:a:openbsd:openssh:3.9.1:*:*:*:*:*:*:*
cpe:2.3:a:openbsd:openssh:3.9.1:*:*:*:*:*:*:*
cpe:2.3:a:openbsd:openssh:3.9.1:p1:*:*:*:*:*:*
cpe:2.3:a:openbsd:openssh:3.9.1:p1:*:*:*:*:*:*
cpe:2.3:a:openbsd:openssh:3.9.1p1:*:*:*:*:*:*:*
cpe:2.3:a:openbsd:openssh:3.9.1p1:*:*:*:*:*:*:*
cpe:2.3:a:openbsd:openssh:4.0:*:*:*:*:*:*:*
cpe:2.3:a:openbsd:openssh:4.0:*:*:*:*:*:*:*
cpe:2.3:a:openbsd:openssh:4.0:-:*:*:*:*:*:*
cpe:2.3:a:openbsd:openssh:4.0:-:*:*:*:*:*:*
cpe:2.3:a:openbsd:openssh:4.0:p1:*:*:*:*:*:*
cpe:2.3:a:openbsd:openssh:4.0:p1:*:*:*:*:*:*
cpe:2.3:a:openbsd:openssh:4.0p1:*:*:*:*:*:*:*
cpe:2.3:a:openbsd:openssh:4.0p1:*:*:*:*:*:*:*
cpe:2.3:a:openbsd:openssh:4.1:*:*:*:*:*:*:*
cpe:2.3:a:openbsd:openssh:4.1:*:*:*:*:*:*:*
cpe:2.3:a:openbsd:openssh:4.1:-:*:*:*:*:*:*
cpe:2.3:a:openbsd:openssh:4.1:-:*:*:*:*:*:*
cpe:2.3:a:openbsd:openssh:4.1:p1:*:*:*:*:*:*
cpe:2.3:a:openbsd:openssh:4.1:p1:*:*:*:*:*:*
cpe:2.3:a:openbsd:openssh:4.1p1:*:*:*:*:*:*:*
cpe:2.3:a:openbsd:openssh:4.1p1:*:*:*:*:*:*:*
cpe:2.3:a:openbsd:openssh:4.2:*:*:*:*:*:*:*
cpe:2.3:a:openbsd:openssh:4.2:*:*:*:*:*:*:*
cpe:2.3:a:openbsd:openssh:4.2:-:*:*:*:*:*:*
cpe:2.3:a:openbsd:openssh:4.2:-:*:*:*:*:*:*
cpe:2.3:a:openbsd:openssh:4.2:p1:*:*:*:*:*:*
cpe:2.3:a:openbsd:openssh:4.2:p1:*:*:*:*:*:*
cpe:2.3:a:openbsd:openssh:4.2p1:*:*:*:*:*:*:*
cpe:2.3:a:openbsd:openssh:4.2p1:*:*:*:*:*:*:*
cpe:2.3:a:openbsd:openssh:4.3:*:*:*:*:*:*:*
cpe:2.3:a:openbsd:openssh:4.3:*:*:*:*:*:*:*
cpe:2.3:a:openbsd:openssh:4.3:-:*:*:*:*:*:*
cpe:2.3:a:openbsd:openssh:4.3:-:*:*:*:*:*:*
cpe:2.3:a:openbsd:openssh:4.3:p1:*:*:*:*:*:*
cpe:2.3:a:openbsd:openssh:4.3:p1:*:*:*:*:*:*
cpe:2.3:a:openbsd:openssh:4.3:p2:*:*:*:*:*:*
cpe:2.3:a:openbsd:openssh:4.3:p2:*:*:*:*:*:*
cpe:2.3:a:openbsd:openssh:4.3p1:*:*:*:*:*:*:*
cpe:2.3:a:openbsd:openssh:4.3p1:*:*:*:*:*:*:*
cpe:2.3:a:openbsd:openssh:4.3p2:*:*:*:*:*:*:*
cpe:2.3:a:openbsd:openssh:4.3p2:*:*:*:*:*:*:*
cpe:2.3:a:openbsd:openssh:4.4:*:*:*:*:*:*:*
cpe:2.3:a:openbsd:openssh:4.4:*:*:*:*:*:*:*
cpe:2.3:a:openbsd:openssh:4.4:-:*:*:*:*:*:*
cpe:2.3:a:openbsd:openssh:4.4:-:*:*:*:*:*:*
cpe:2.3:a:openbsd:openssh:4.4:p1:*:*:*:*:*:*
cpe:2.3:a:openbsd:openssh:4.4:p1:*:*:*:*:*:*
cpe:2.3:a:openbsd:openssh:4.4p1:*:*:*:*:*:*:*
cpe:2.3:a:openbsd:openssh:4.4p1:*:*:*:*:*:*:*
cpe:2.3:a:openbsd:openssh:4.5:*:*:*:*:*:*:*
cpe:2.3:a:openbsd:openssh:4.5:*:*:*:*:*:*:*
cpe:2.3:a:openbsd:openssh:4.5:-:*:*:*:*:*:*
cpe:2.3:a:openbsd:openssh:4.5:-:*:*:*:*:*:*
cpe:2.3:a:openbsd:openssh:4.5:p1:*:*:*:*:*:*
cpe:2.3:a:openbsd:openssh:4.5:p1:*:*:*:*:*:*
cpe:2.3:a:openbsd:openssh:4.6:*:*:*:*:*:*:*
cpe:2.3:a:openbsd:openssh:4.6:*:*:*:*:*:*:*
cpe:2.3:a:openbsd:openssh:4.6:-:*:*:*:*:*:*
cpe:2.3:a:openbsd:openssh:4.6:-:*:*:*:*:*:*
cpe:2.3:a:openbsd:openssh:4.6:p1:*:*:*:*:*:*
cpe:2.3:a:openbsd:openssh:4.6:p1:*:*:*:*:*:*
cpe:2.3:a:openbsd:openssh:4.7:*:*:*:*:*:*:*
cpe:2.3:a:openbsd:openssh:4.7:*:*:*:*:*:*:*
cpe:2.3:a:openbsd:openssh:4.7:-:*:*:*:*:*:*
cpe:2.3:a:openbsd:openssh:4.7:-:*:*:*:*:*:*
cpe:2.3:a:openbsd:openssh:4.7:p1:*:*:*:*:*:*
cpe:2.3:a:openbsd:openssh:4.7:p1:*:*:*:*:*:*
cpe:2.3:a:openbsd:openssh:4.7p1:*:*:*:*:*:*:*
cpe:2.3:a:openbsd:openssh:4.7p1:*:*:*:*:*:*:*
cpe:2.3:a:openbsd:openssh:4.8:*:*:*:*:*:*:*
cpe:2.3:a:openbsd:openssh:4.8:*:*:*:*:*:*:*
cpe:2.3:a:openbsd:openssh:4.8:-:*:*:*:*:*:*
cpe:2.3:a:openbsd:openssh:4.8:-:*:*:*:*:*:*
cpe:2.3:a:openbsd:openssh:4.8:p1:*:*:*:*:*:*
cpe:2.3:a:openbsd:openssh:4.8:p1:*:*:*:*:*:*
cpe:2.3:a:openbsd:openssh:4.9:*:*:*:*:*:*:*
cpe:2.3:a:openbsd:openssh:4.9:*:*:*:*:*:*:*
cpe:2.3:a:openbsd:openssh:4.9:-:*:*:*:*:*:*
cpe:2.3:a:openbsd:openssh:4.9:-:*:*:*:*:*:*
cpe:2.3:a:openbsd:openssh:4.9:p1:*:*:*:*:*:*
cpe:2.3:a:openbsd:openssh:4.9:p1:*:*:*:*:*:*
cpe:2.3:a:openbsd:openssh:5.0:*:*:*:*:*:*:*
cpe:2.3:a:openbsd:openssh:5.0:*:*:*:*:*:*:*
cpe:2.3:a:openbsd:openssh:5.0:-:*:*:*:*:*:*
cpe:2.3:a:openbsd:openssh:5.0:-:*:*:*:*:*:*
cpe:2.3:a:openbsd:openssh:5.0:p1:*:*:*:*:*:*
cpe:2.3:a:openbsd:openssh:5.0:p1:*:*:*:*:*:*
cpe:2.3:a:openbsd:openssh:5.1:*:*:*:*:*:*:*
cpe:2.3:a:openbsd:openssh:5.1:*:*:*:*:*:*:*
cpe:2.3:a:openbsd:openssh:5.1:-:*:*:*:*:*:*
cpe:2.3:a:openbsd:openssh:5.1:-:*:*:*:*:*:*
cpe:2.3:a:openbsd:openssh:5.1:p1:*:*:*:*:*:*
cpe:2.3:a:openbsd:openssh:5.1:p1:*:*:*:*:*:*
cpe:2.3:a:openbsd:openssh:5.2:*:*:*:*:*:*:*
cpe:2.3:a:openbsd:openssh:5.2:*:*:*:*:*:*:*
cpe:2.3:a:openbsd:openssh:5.2:-:*:*:*:*:*:*
cpe:2.3:a:openbsd:openssh:5.2:-:*:*:*:*:*:*
cpe:2.3:a:openbsd:openssh:5.2:p1:*:*:*:*:*:*
cpe:2.3:a:openbsd:openssh:5.2:p1:*:*:*:*:*:*
cpe:2.3:a:openbsd:openssh:5.3:*:*:*:*:*:*:*
cpe:2.3:a:openbsd:openssh:5.3:*:*:*:*:*:*:*
cpe:2.3:a:openbsd:openssh:5.3:-:*:*:*:*:*:*
cpe:2.3:a:openbsd:openssh:5.3:-:*:*:*:*:*:*
cpe:2.3:a:openbsd:openssh:5.3:p1:*:*:*:*:*:*
cpe:2.3:a:openbsd:openssh:5.3:p1:*:*:*:*:*:*
cpe:2.3:a:openbsd:openssh:5.4:*:*:*:*:*:*:*
cpe:2.3:a:openbsd:openssh:5.4:*:*:*:*:*:*:*
cpe:2.3:a:openbsd:openssh:5.4:-:*:*:*:*:*:*
cpe:2.3:a:openbsd:openssh:5.4:-:*:*:*:*:*:*
cpe:2.3:a:openbsd:openssh:5.4:p1:*:*:*:*:*:*
cpe:2.3:a:openbsd:openssh:5.4:p1:*:*:*:*:*:*
cpe:2.3:a:openbsd:openssh:5.5:*:*:*:*:*:*:*
cpe:2.3:a:openbsd:openssh:5.5:*:*:*:*:*:*:*
cpe:2.3:a:openbsd:openssh:5.5:-:*:*:*:*:*:*
cpe:2.3:a:openbsd:openssh:5.5:-:*:*:*:*:*:*
cpe:2.3:a:openbsd:openssh:5.5:p1:*:*:*:*:*:*
cpe:2.3:a:openbsd:openssh:5.5:p1:*:*:*:*:*:*
cpe:2.3:a:openbsd:openssh:5.6:*:*:*:*:*:*:*
cpe:2.3:a:openbsd:openssh:5.6:*:*:*:*:*:*:*
cpe:2.3:a:openbsd:openssh:5.6:-:*:*:*:*:*:*
cpe:2.3:a:openbsd:openssh:5.6:-:*:*:*:*:*:*
cpe:2.3:a:openbsd:openssh:5.6:p1:*:*:*:*:*:*
cpe:2.3:a:openbsd:openssh:5.6:p1:*:*:*:*:*:*
cpe:2.3:a:openbsd:openssh:5.7:*:*:*:*:*:*:*
cpe:2.3:a:openbsd:openssh:5.7:*:*:*:*:*:*:*
cpe:2.3:a:openbsd:openssh:5.7:-:*:*:*:*:*:*
cpe:2.3:a:openbsd:openssh:5.7:-:*:*:*:*:*:*
cpe:2.3:a:openbsd:openssh:5.7:p1:*:*:*:*:*:*
cpe:2.3:a:openbsd:openssh:5.7:p1:*:*:*:*:*:*
cpe:2.3:a:openbsd:openssh:5.8:*:*:*:*:*:*:*
cpe:2.3:a:openbsd:openssh:5.8:*:*:*:*:*:*:*
cpe:2.3:a:openbsd:openssh:5.8:-:*:*:*:*:*:*
cpe:2.3:a:openbsd:openssh:5.8:-:*:*:*:*:*:*
cpe:2.3:a:openbsd:openssh:5.8:p1:*:*:*:*:*:*
cpe:2.3:a:openbsd:openssh:5.8:p1:*:*:*:*:*:*
cpe:2.3:a:openbsd:openssh:5.8:p2:*:*:*:*:*:*
cpe:2.3:a:openbsd:openssh:5.8:p2:*:*:*:*:*:*
cpe:2.3:a:openbsd:openssh:5.8p2:*:*:*:*:*:*:*
cpe:2.3:a:openbsd:openssh:5.8p2:*:*:*:*:*:*:*
cpe:2.3:a:openbsd:openssh:5.9:*:*:*:*:*:*:*
cpe:2.3:a:openbsd:openssh:5.9:*:*:*:*:*:*:*
cpe:2.3:a:openbsd:openssh:5.9:-:*:*:*:*:*:*
cpe:2.3:a:openbsd:openssh:5.9:-:*:*:*:*:*:*
cpe:2.3:a:openbsd:openssh:5.9:p1:*:*:*:*:*:*
cpe:2.3:a:openbsd:openssh:5.9:p1:*:*:*:*:*:*
cpe:2.3:a:openbsd:openssh:6.0:*:*:*:*:*:*:*
cpe:2.3:a:openbsd:openssh:6.0:*:*:*:*:*:*:*
cpe:2.3:a:openbsd:openssh:6.0:-:*:*:*:*:*:*
cpe:2.3:a:openbsd:openssh:6.0:-:*:*:*:*:*:*
cpe:2.3:a:openbsd:openssh:6.0:p1:*:*:*:*:*:*
cpe:2.3:a:openbsd:openssh:6.0:p1:*:*:*:*:*:*
cpe:2.3:a:openbsd:openssh:6.1:*:*:*:*:*:*:*
cpe:2.3:a:openbsd:openssh:6.1:*:*:*:*:*:*:*
cpe:2.3:a:openbsd:openssh:6.1:-:*:*:*:*:*:*
cpe:2.3:a:openbsd:openssh:6.1:-:*:*:*:*:*:*
cpe:2.3:a:openbsd:openssh:6.1:p1:*:*:*:*:*:*
cpe:2.3:a:openbsd:openssh:6.1:p1:*:*:*:*:*:*
cpe:2.3:a:openbsd:openssh:6.2:*:*:*:*:*:*:*
cpe:2.3:a:openbsd:openssh:6.2:*:*:*:*:*:*:*
cpe:2.3:a:openbsd:openssh:6.2:-:*:*:*:*:*:*
cpe:2.3:a:openbsd:openssh:6.2:-:*:*:*:*:*:*
cpe:2.3:a:openbsd:openssh:6.2:p1:*:*:*:*:*:*
cpe:2.3:a:openbsd:openssh:6.2:p1:*:*:*:*:*:*
cpe:2.3:a:openbsd:openssh:6.2:p2:*:*:*:*:*:*
cpe:2.3:a:openbsd:openssh:6.2:p2:*:*:*:*:*:*
cpe:2.3:a:openbsd:openssh:6.3:*:*:*:*:*:*:*
cpe:2.3:a:openbsd:openssh:6.3:*:*:*:*:*:*:*
cpe:2.3:a:openbsd:openssh:6.3:-:*:*:*:*:*:*
cpe:2.3:a:openbsd:openssh:6.3:-:*:*:*:*:*:*
cpe:2.3:a:openbsd:openssh:6.3:p1:*:*:*:*:*:*
cpe:2.3:a:openbsd:openssh:6.3:p1:*:*:*:*:*:*
cpe:2.3:a:openbsd:openssh:6.4:*:*:*:*:*:*:*
cpe:2.3:a:openbsd:openssh:6.4:*:*:*:*:*:*:*
cpe:2.3:a:openbsd:openssh:6.4:-:*:*:*:*:*:*
cpe:2.3:a:openbsd:openssh:6.4:-:*:*:*:*:*:*
cpe:2.3:a:openbsd:openssh:6.4:p1:*:*:*:*:*:*
cpe:2.3:a:openbsd:openssh:6.4:p1:*:*:*:*:*:*
cpe:2.3:a:openbsd:openssh:6.5:*:*:*:*:*:*:*
cpe:2.3:a:openbsd:openssh:6.5:*:*:*:*:*:*:*
cpe:2.3:a:openbsd:openssh:6.5:-:*:*:*:*:*:*
cpe:2.3:a:openbsd:openssh:6.5:-:*:*:*:*:*:*
cpe:2.3:a:openbsd:openssh:6.5:p1:*:*:*:*:*:*
cpe:2.3:a:openbsd:openssh:6.5:p1:*:*:*:*:*:*
cpe:2.3:a:openbsd:openssh:6.6:*:*:*:*:*:*:*
cpe:2.3:a:openbsd:openssh:6.6:*:*:*:*:*:*:*
cpe:2.3:a:openbsd:openssh:6.6:-:*:*:*:*:*:*
cpe:2.3:a:openbsd:openssh:6.6:-:*:*:*:*:*:*
cpe:2.3:a:openbsd:openssh:6.6:p1:*:*:*:*:*:*
cpe:2.3:a:openbsd:openssh:6.6:p1:*:*:*:*:*:*
cpe:2.3:a:openbsd:openssh:6.7:*:*:*:*:*:*:*
cpe:2.3:a:openbsd:openssh:6.7:*:*:*:*:*:*:*
cpe:2.3:a:openbsd:openssh:6.7:-:*:*:*:*:*:*
cpe:2.3:a:openbsd:openssh:6.7:-:*:*:*:*:*:*
cpe:2.3:a:openbsd:openssh:6.7:p1:*:*:*:*:*:*
cpe:2.3:a:openbsd:openssh:6.7:p1:*:*:*:*:*:*
cpe:2.3:a:openbsd:openssh:6.8:*:*:*:*:*:*:*
cpe:2.3:a:openbsd:openssh:6.8:*:*:*:*:*:*:*
cpe:2.3:a:openbsd:openssh:6.8:-:*:*:*:*:*:*
cpe:2.3:a:openbsd:openssh:6.8:-:*:*:*:*:*:*
cpe:2.3:a:openbsd:openssh:6.8:p1:*:*:*:*:*:*
cpe:2.3:a:openbsd:openssh:6.8:p1:*:*:*:*:*:*
cpe:2.3:a:openbsd:openssh:6.9:*:*:*:*:*:*:*
cpe:2.3:a:openbsd:openssh:6.9:*:*:*:*:*:*:*
cpe:2.3:a:openbsd:openssh:6.9:-:*:*:*:*:*:*
cpe:2.3:a:openbsd:openssh:6.9:-:*:*:*:*:*:*
cpe:2.3:a:openbsd:openssh:6.9:p1:*:*:*:*:*:*
cpe:2.3:a:openbsd:openssh:6.9:p1:*:*:*:*:*:*
cpe:2.3:a:openbsd:openssh:7.0:*:*:*:*:*:*:*
cpe:2.3:a:openbsd:openssh:7.0:*:*:*:*:*:*:*
cpe:2.3:a:openbsd:openssh:7.0:-:*:*:*:*:*:*
cpe:2.3:a:openbsd:openssh:7.0:-:*:*:*:*:*:*
cpe:2.3:a:openbsd:openssh:7.0:p1:*:*:*:*:*:*
cpe:2.3:a:openbsd:openssh:7.0:p1:*:*:*:*:*:*
cpe:2.3:a:openbsd:openssh:7.1:*:*:*:*:*:*:*
cpe:2.3:a:openbsd:openssh:7.1:*:*:*:*:*:*:*
cpe:2.3:a:openbsd:openssh:7.1:-:*:*:*:*:*:*
cpe:2.3:a:openbsd:openssh:7.1:-:*:*:*:*:*:*
cpe:2.3:a:openbsd:openssh:7.1:p1:*:*:*:*:*:*
cpe:2.3:a:openbsd:openssh:7.1:p1:*:*:*:*:*:*
cpe:2.3:a:openbsd:openssh:7.1:p2:*:*:*:*:*:*
cpe:2.3:a:openbsd:openssh:7.1:p2:*:*:*:*:*:*
cpe:2.3:a:openbsd:openssh:7.2:-:*:*:*:*:*:*
cpe:2.3:a:openbsd:openssh:7.2:-:*:*:*:*:*:*
cpe:2.3:a:openbsd:openssh:7.2:p1:*:*:*:*:*:*
cpe:2.3:a:openbsd:openssh:7.2:p1:*:*:*:*:*:*
cpe:2.3:a:openbsd:openssh:7.2:p2:*:*:*:*:*:*
cpe:2.3:a:openbsd:openssh:7.2:p2:*:*:*:*:*:*
cpe:2.3:a:openbsd:openssh:7.3:*:*:*:*:*:*:*
cpe:2.3:a:openbsd:openssh:7.3:*:*:*:*:*:*:*
cpe:2.3:a:openbsd:openssh:7.3:-:*:*:*:*:*:*
cpe:2.3:a:openbsd:openssh:7.3:-:*:*:*:*:*:*
cpe:2.3:a:openbsd:openssh:7.3:p1:*:*:*:*:*:*
cpe:2.3:a:openbsd:openssh:7.3:p1:*:*:*:*:*:*

CVSS

Base:	7.5 (as of 20-07-2023 - 18:15)
Impact:
Exploitability:

CWE

CWE-426

CAPEC

Leveraging/Manipulating Configuration File Search Paths
This pattern of attack sees an adversary load a malicious resource into a program's standard path so that when a known command is executed then the system instead executes the malicious component. The adversary can either modify the search path a program uses, like a PATH variable or classpath, or they can manipulate resources on the path to point to their malicious components. J2EE applications and other component based applications that are built from multiple binaries can have very long list of dependencies to execute. If one of these libraries and/or references is controllable by the attacker then application controls can be circumvented by the attacker.

Access

Vector	Complexity	Authentication
NETWORK	LOW	NONE

Impact

Confidentiality	Integrity	Availability
PARTIAL	PARTIAL	PARTIAL

cvss-vector via4

AV:N/AC:L/Au:N/C:P/I:P/A:P

redhat via4

advisories

rhsa

id	RHSA-2017:2029

rpms

openssh-0:7.4p1-11.el7
openssh-askpass-0:7.4p1-11.el7
openssh-cavs-0:7.4p1-11.el7
openssh-clients-0:7.4p1-11.el7
openssh-debuginfo-0:7.4p1-11.el7
openssh-keycat-0:7.4p1-11.el7
openssh-ldap-0:7.4p1-11.el7
openssh-server-0:7.4p1-11.el7
openssh-server-sysvinit-0:7.4p1-11.el7
pam_ssh_agent_auth-0:0.10.3-1.11.el7

refmap via4

bid	94968
confirm	http://www.slackware.com/security/viewer.php?l=slackware-security&y=2016&m=slackware-security.647637 https://github.com/openbsd/src/commit/9476ce1dd37d3c3218d5640b74c34c65e5f4efe5 https://security.netapp.com/advisory/ntap-20171130-0002/ https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbux03818en_us https://www.openssh.com/txt/release-7.4
exploit-db	40963
freebsd	FreeBSD-SA-17:01
misc	http://packetstormsecurity.com/files/140261/OpenSSH-Arbitrary-Library-Loading.html https://bugs.chromium.org/p/project-zero/issues/detail?id=1009
mlist	[debian-lts-announce] 20180910 [SECURITY] [DLA 1500-1] openssh security update [oss-security] 20161219 Announce: OpenSSH 7.4 released
sectrack	1037490
ubuntu	USN-3538-1

Last major update

20-07-2023 - 18:15

Published

05-01-2017 - 02:59

Last modified

20-07-2023 - 18:15