CVE-2016-10010
- Source
- https://nvd.nist.gov/vuln/detail/CVE-2016-10010
- Import Source
- https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2016-10010.json
- JSON Data
- https://api.osv.dev/v1/vulns/CVE-2016-10010
- Downstream
- Related
- Published
- 2017-01-05T02:59:03Z
- Modified
- 2025-10-23T04:32:50Z
- Severity
-
- 7.0 (High) CVSS_V3 - CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H CVSS Calculator
- Summary
- [none]
- Details
-
sshd in OpenSSH before 7.4, when privilege separation is not used, creates forwarded Unix-domain sockets as root, which might allow local users to gain privileges via unspecified vectors, related to serverloop.c.
- References
-
- http://www.openwall.com/lists/oss-security/2016/12/19/2
- https://security.FreeBSD.org/advisories/FreeBSD-SA-17:01.openssh.asc
- https://security.netapp.com/advisory/ntap-20171130-0002/
- https://github.com/openbsd/src/commit/c76fac666ea038753294f2ac94d310f8adece9ce
- http://packetstormsecurity.com/files/140262/OpenSSH-Local-Privilege-Escalation.html
- http://www.securityfocus.com/bid/94972
- http://www.securitytracker.com/id/1037490
- http://www.slackware.com/security/viewer.php?l=slackware-security&y=2016&m=slackware-security.647637
- https://bugs.chromium.org/p/project-zero/issues/detail?id=1010
- https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf
- https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbux03818en_us
- https://www.exploit-db.com/exploits/40962/
- https://www.openssh.com/txt/release-7.4
Affected packages
Git / github.com/openbsd/src
Affected ranges
- Type
- GIT
- Repo
- https://github.com/openbsd/src
- Events
-
Introduced0 Unknown introduced commit / All previous commits are affectedFixed
Database specific
vanir_signatures
[
{
"id": "CVE-2016-10010-50f667bf",
"deprecated": false,
"signature_version": "v1",
"digest": {
"length": 675.0,
"function_hash": "88074729361574684655383073785697122465"
},
"target": {
"function": "server_request_direct_streamlocal",
"file": "usr.bin/ssh/serverloop.c"
},
"signature_type": "Function",
"source": "https://github.com/openbsd/src/commit/c76fac666ea038753294f2ac94d310f8adece9ce"
},
{
"id": "CVE-2016-10010-5ca51719",
"deprecated": false,
"signature_version": "v1",
"digest": {
"line_hashes": [
"112282066002107034597966630488981573200",
"323170963047525805601423935231014888198",
"105602847311270152932988922498303337107",
"76471072604392233889917292026466974468",
"115288348656019374252928779477053292513",
"279077386821327629482001315859305756941",
"307721442845954940161521364327147819590",
"22897284367347113241751456465789938240",
"103705164511187462290344000544006251297"
],
"threshold": 0.9
},
"target": {
"file": "usr.bin/ssh/serverloop.c"
},
"signature_type": "Line",
"source": "https://github.com/openbsd/src/commit/c76fac666ea038753294f2ac94d310f8adece9ce"
},
{
"id": "CVE-2016-10010-aac5713e",
"deprecated": false,
"signature_version": "v1",
"digest": {
"length": 3078.0,
"function_hash": "286885204847831165959415133843015610387"
},
"target": {
"function": "server_input_global_request",
"file": "usr.bin/ssh/serverloop.c"
},
"signature_type": "Function",
"source": "https://github.com/openbsd/src/commit/c76fac666ea038753294f2ac94d310f8adece9ce"
}
]