Your submission was sent successfully! Close

CVE-2016-1235

Published: 11 April 2016

The oarsh script in OAR before 2.5.7 allows remote authenticated users of a cluster to obtain sensitive information and possibly gain privileges via vectors related to OpenSSH options.

From the Ubuntu security team

It was discovered that OAR incorrectly handled OpenSSH options. An attacker could possibly use this issue to obtain sensitive information or gain privileges.

Priority

Medium

CVSS 3 base score: 8.8

Status

Package Release Status
oar
Launchpad, Ubuntu, Debian
artful Ignored
(reached end-of-life)
bionic Not vulnerable
(2.5.7-1)
cosmic Not vulnerable
(2.5.7-1)
disco Not vulnerable
(2.5.7-1)
eoan Not vulnerable
(2.5.7-1)
focal Not vulnerable
(2.5.7-1)
groovy Not vulnerable
(2.5.7-1)
hirsute Not vulnerable
(2.5.7-1)
impish Not vulnerable
(2.5.7-1)
jammy Not vulnerable
(2.5.7-1)
precise Does not exist

trusty Does not exist
(trusty was needed)
upstream
Released (2.5.7-1)
wily
Released (2.5.4-2+deb8u1build0.15.10.1)
xenial Ignored
(end of standard support, was needed)
yakkety Ignored
(reached end-of-life)
zesty Ignored
(reached end-of-life)