OpenSSH cryptographic software fixes a dangerous vulnerability

    The open source SSH protocol client (OpenSSH) has fixed a dangerous vulnerability with the identifier CVE-2016-0777 . This vulnerability was of the type Information Disclosure and was present in the OpenSSH client versions 5.x, 6.x, and 7.x prior to version 7.1p2. It was located in the resend_bytes function of the roaming_common.c source file and allowed the server-side process to access part of the client’s memory with confidential data, including the data of private encryption keys that are used by the client in the process of establishing a secure connection.

    The vulnerability applies only to the OpenSSH client and is not related to its server part. An attacker who compromised a legitimate SSH server can get his client’s private secret keys at his disposal using a setting called roaming. This default setting is active for the client and allows it to reconnect to the server after a sudden disconnection, which is used by attackers for exploitation.

    The posted security notice recommends that customers use the software update as soon as possible. If this is not possible, the user should be prohibited from using the roaming function in the OpenSSH configuration file. This can be done using the following commands.

    On FreeBSD and Linux.

    echo 'UseRoaming no' | sudo tee -a / etc / ssh / ssh_config

    On Apple OS X.

    echo "UseRoaming no" >> ~ / .ssh / config

    To accept the changes, close all active SSH sessions. In addition, users of the OpenSSH client are also advised to re-obtain private keys, as they may be compromised. The latest FreeBSD, OpenBSD, and Linux distributions such as Debian, Ubuntu, and RedHat Enterprise Linux (RHEL) are equipped with an updated version of OpenSSH.

    The vulnerability does not apply to users of the PuTTY SSH client for Windows. Qualys previously posted on its website detailed information about this and other OpenSSH client vulnerabilities, as well as a proof-of-concept exploit code.

    be secure.

    Also popular now: