CVE-2016-10010

CVSS 7 HIGHEPSS 4.2%CWE-269

sshd in OpenSSH before 7.4, when privilege separation is not used, creates forwarded Unix-domain sockets as root, which might allow local users to gain privileges via unspecified vectors, related to serverloop.c.

CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

Affected products

n/a · n/a

public PoCs found — 3

cve_referencepacketstormsecurity.com/files/140262/OpenSSH-Local-Privilege-Escalation.htmlunverified cve_referencewww.exploit-db.com/exploits/40962/unverified exploitdbwww.exploit-db.com/exploits/40962unverified

⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →

References

http://packetstormsecurity.com/files/140262/OpenSSH-Local-Privilege-Escalation.html https://bugs.chromium.org/p/project-zero/issues/detail?id=1010 https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf https://github.com/openbsd/src/commit/c76fac666ea038753294f2ac94d310f8adece9ce https://security.FreeBSD.org/advisories/FreeBSD-SA-17:01.openssh.asc https://security.netapp.com/advisory/ntap-20171130-0002/https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbux03818en_us https://www.exploit-db.com/exploits/40962/https://www.openssh.com/txt/release-7.4 http://www.openwall.com/lists/oss-security/2016/12/19/2 http://www.securityfocus.com/bid/94972 http://www.securitytracker.com/id/1037490