CVE-2016-10009 log

Source	CVE Red Hat MITRE NVD Debian Ubuntu SUSE Alpine Mageia CVE Details CIRCL Bugs Arch Linux Red Hat Gentoo SUSE GitHub Lists oss-security full-disclosure bugtraq Misc GitHub code web search
Severity	Medium
Remote	No
Type	Arbitrary code execution
Description	It was found that ssh-agent could load PKCS#11 modules from paths outside of a trusted whitelist. An attacker able to load a crafted PKCS#11 module across a forwarded agent channel could potentially use this flaw to execute arbitrary code on the system running the ssh-agent. Note that the attacker must have control of the forwarded agent-socket and the ability to write to the filesystem of the host running ssh-agent.

Group	Package	Affected	Fixed	Severity	Status	Ticket
AVG-110	openssh	7.3p1-2	7.4p1-1	Medium	Fixed

Date	Advisory	Group	Package	Severity	Type
22 Dec 2016	ASA-201612-20	AVG-110	openssh	Medium	multiple issues

References
https://www.openssh.com/txt/release-7.4 http://seclists.org/oss-sec/2016/q4/705