低危 Apple Mac OS X 至 10.11.3 OpenSSH Key 信息泄漏漏洞

CVE编号

CVE-2016-0777

利用情况

暂无

补丁情况

官方补丁

披露时间

2016-01-15
漏洞描述
OpenSSH是使用SSH通过计算机网络加密通信的实现。
版本号在5.x, 6.x, 和7.1p2之前的7.x的OpenSSH会受到影响,该漏洞允许远程攻击者获取敏感信息。
解决建议
厂商已发布了漏洞修复程序,请及时关注更新(或目前厂商已经发布了升级补丁以修复这个安全问题,请到厂商的主页下载):
http://www.openssh.com/txt/release-7.1p2
参考链接
http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10734
http://lists.apple.com/archives/security-announce/2016/Mar/msg00004.html
http://lists.fedoraproject.org/pipermail/package-announce/2016-February/176516.html
http://lists.fedoraproject.org/pipermail/package-announce/2016-January/175592.html
http://lists.fedoraproject.org/pipermail/package-announce/2016-January/175676.html
http://lists.fedoraproject.org/pipermail/package-announce/2016-January/176349.html
http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00006.html
http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00007.html
http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00008.html
http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00009.html
http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00013.html
http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00014.html
http://packetstormsecurity.com/files/135273/Qualys-Security-Advisory-OpenSSH-...
http://seclists.org/fulldisclosure/2016/Jan/44
http://www.debian.org/security/2016/dsa-3446
http://www.openssh.com/txt/release-7.1p2
http://www.openwall.com/lists/oss-security/2016/01/14/7
http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html
http://www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.html
http://www.securityfocus.com/archive/1/537295/100/0/threaded
http://www.securityfocus.com/bid/80695
http://www.securitytracker.com/id/1034671
http://www.ubuntu.com/usn/USN-2869-1
https://blogs.sophos.com/2016/02/17/utm-up2date-9-354-released/
https://blogs.sophos.com/2016/02/29/utm-up2date-9-319-released/
https://bto.bluecoat.com/security-advisory/sa109
https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf
https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_n...
https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_n...
https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_n...
https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_n...
https://security.FreeBSD.org/advisories/FreeBSD-SA-16:07.openssh.asc
https://security.gentoo.org/glsa/201601-01
https://support.apple.com/HT206167
受影响软件情况
# 类型 厂商 产品 版本 影响面
1
运行在以下环境
应用 hp remote_device_access_virtual_customer_access_system * Up to
(including)
15.07
运行在以下环境
应用 openbsd openssh 5.0 -
运行在以下环境
应用 openbsd openssh 5.1 -
运行在以下环境
应用 openbsd openssh 5.2 -
运行在以下环境
应用 openbsd openssh 5.3 -
运行在以下环境
应用 openbsd openssh 5.4 -
运行在以下环境
应用 openbsd openssh 5.5 -
运行在以下环境
应用 openbsd openssh 5.6 -
运行在以下环境
应用 openbsd openssh 5.7 -
运行在以下环境
应用 openbsd openssh 5.8 -
运行在以下环境
应用 openbsd openssh 5.9 -
运行在以下环境
应用 openbsd openssh 6.0 -
运行在以下环境
应用 openbsd openssh 6.1 -
运行在以下环境
应用 openbsd openssh 6.2 -
运行在以下环境
应用 openbsd openssh 6.3 -
运行在以下环境
应用 openbsd openssh 6.4 -
运行在以下环境
应用 openbsd openssh 6.5 -
运行在以下环境
应用 openbsd openssh 6.6 -
运行在以下环境
应用 openbsd openssh 6.7 -
运行在以下环境
应用 openbsd openssh 6.8 -
运行在以下环境
应用 openbsd openssh 6.9 -
运行在以下环境
应用 openbsd openssh 7.0 -
运行在以下环境
应用 openbsd openssh 7.1 -
运行在以下环境
应用 sophos unified_threat_management_software 9.318 -
运行在以下环境
应用 sophos unified_threat_management_software 9.353 -
运行在以下环境
系统 amazon_AMI openssh * Up to
(excluding)
6.6.1p1-23.59.amzn1
运行在以下环境
系统 centos_7 openssh * Up to
(excluding)
6.6.1p1-23.el7_2
运行在以下环境
系统 debian DPKG * Up to
(excluding)
1:7.1p2-1
运行在以下环境
系统 debian_10 openssh * Up to
(excluding)
1:7.1p2-1
运行在以下环境
系统 debian_11 openssh * Up to
(excluding)
1:7.1p2-1
运行在以下环境
系统 debian_12 openssh * Up to
(excluding)
1:7.1p2-1
运行在以下环境
系统 debian_6 openssh * Up to
(excluding)
1:5.5p1-6+squeeze8
运行在以下环境
系统 debian_7 openssh * Up to
(excluding)
1:6.0p1-4+deb7u3
运行在以下环境
系统 debian_8 openssh * Up to
(excluding)
1:6.7p1-5+deb8u6
运行在以下环境
系统 fedora_22 gsi-openssh * Up to
(excluding)
6.9p1-10.fc22
运行在以下环境
系统 fedora_23 gsi-openssh * Up to
(excluding)
7.1p2-1.fc23
运行在以下环境
系统 fedora_EPEL_7 gsi-openssh * Up to
(excluding)
6.6.1p1-3.el7
运行在以下环境
系统 opensuse_11.4 openssh-askpass-debuginfo * Up to
(excluding)
5.8p1-11.1
运行在以下环境
系统 opensuse_13.2 openssh-helpers-debuginfo-6.6p1 * Up to
(excluding)
5.3.1
运行在以下环境
系统 opensuse_Leap_42.1 openssh-fips * Up to
(excluding)
6.6p1-8.1
运行在以下环境
系统 oracle_7 oraclelinux-release * Up to
(excluding)
0.9.3-9.23.el7_2
运行在以下环境
系统 redhat_7 openssh * Up to
(excluding)
6.6.1p1-23.el7_2
运行在以下环境
系统 suse_11_SP3 openssh-askpass-6.2p2 * Up to
(excluding)
0.24.1
运行在以下环境
系统 suse_11_SP4 openssh * Up to
(excluding)
6.6p1-16.1
运行在以下环境
系统 suse_12 openssh * Up to
(excluding)
6.6p1-33.1
运行在以下环境
系统 suse_12_SP1 openssh * Up to
(excluding)
6.6p1-33.1
运行在以下环境
系统 ubuntu_12.04.5_lts openssh * Up to
(excluding)
1:5.9p1-5ubuntu1.8
运行在以下环境
系统 ubuntu_14.04 openssh * Up to
(excluding)
1:6.6p1-2ubuntu2.4
运行在以下环境
系统 ubuntu_14.04.6_lts openssh * Up to
(excluding)
1:6.6p1-2ubuntu2.4
阿里云评分
2.7
  • 攻击路径
    远程
  • 攻击复杂度
    复杂
  • 权限要求
    普通权限
  • 影响范围
    有限影响
  • EXP成熟度
    未验证
  • 补丁情况
    官方补丁
  • 数据保密性
    无影响
  • 数据完整性
    无影响
  • 服务器危害
    无影响
  • 全网数量
    100
CWE-ID 漏洞类型
CWE-200 信息暴露
阿里云安全产品覆盖情况