cpe:/a:openbsd:openssh:7.3 CVE-2016-10012 2017-01-04T21:59:03.150-05:00 2018-09-11T06:29:00.943-04:00 7.2 LOCAL LOW NONE COMPLETE COMPLETE COMPLETE http://nvd.nist.gov 2017-01-05T10:55:40.070-05:00 SECTRACK 1037490 BID 94975 REDHAT RHSA-2017:2029 MLIST [debian-lts-announce] 20180910 [SECURITY] [DLA 1500-1] openssh security update MLIST [oss-security] 20161219 Announce: OpenSSH 7.4 released CONFIRM http://www.slackware.com/security/viewer.php?l=slackware-security&y=2016&m=slackware-security.647637 CONFIRM https://github.com/openbsd/src/commit/3095060f479b86288e31c79ecbc5131a66bcd2f9 CONFIRM https://security.netapp.com/advisory/ntap-20171130-0002/ CONFIRM https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbux03818en_us CONFIRM https://www.openssh.com/txt/release-7.4 The shared memory manager (associated with pre-authentication compression) in sshd in OpenSSH before 7.4 does not ensure that a bounds check is enforced by all compilers, which might allows local users to gain privileges by leveraging access to a sandboxed privilege-separation process, related to the m_zback and m_zlib data structures.