Facebook Google Plus Twitter LinkedIn YouTube RSS Menu Search Resource - BlogResource - WebinarResource - ReportResource - Eventicons_066 icons_067icons_068icons_069icons_070

OpenSSH 5.4 <= 7.1p1 Roaming Connection Vulnerabilities

Medium

Synopsis

The remote SSH client may be affected by multiple vulnerabilities.

Description

Versions of OpenSSH starting with 5.4 until 7.1p1 contain some flaws in the undocumented roaming feature. Version 7.1p2 has been released to address the following client side vulnerabilities :

- Using a specially crafted SSH server, a context-dependent attacker can disclose sensitive memory contents when the client authenticates to the server, such as the client's private SSH keys. (CVE-2016-0777) - An unspecified overflow condition exists that is triggered as user-supplied input is not properly validated. With a specially crafted SSH server, a context-dependent attacker can cause a buffer overflow, potentially allowing the execution of arbitrary code. (CVE-2016-0778)

Note: PVS has solely relied on the banner of the SSH client to perform this check. Any backported patches or workarounds such as recompiling or edited configurations are not observable through the banner.

Solution

Upgrade to OpenSSH version 7.1p2 or later. Alternatively, adding the undocumented option "UseRoaming no" to the system-wide configuration file will eliminate these vulnerabilities.