[Yeti DNS Discuss] OpenSSH: client bugs CVE-2016-0777 and CVE-2016-0778

dbgong dbgong at biigroup.cn
Fri Jan 15 04:49:47 UTC 2016


OpenSSH: client bugs

 * SECURITY: ssh(1): The OpenSSH client code between 5.4 and 7.1
   contains experimential support for resuming SSH-connections (roaming).
   The matching server code has never been shipped, but the client
   code was enabled by default and could be tricked by a malicious
   server into leaking client memory to the server, including private
   client user keys.
   The authentication of the server host key prevents exploitation
   by a man-in-the-middle, so this information leak is restricted
   to connections to malicious or compromised servers.
   MITIGATION: For OpenSSH >= 5.4 the vulnerable code in the client
   can be completely disabled by adding 'UseRoaming no' to the global
   ssh_config(5) file, or to user configuration in ~/.ssh/config,
   or by passing -oUseRoaming=no on the command line.

please refer http://undeadly.org/cgi?action=article&sid=20160114142733 




---
Kevin

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.yeti-dns.org/pipermail/discuss/attachments/20160115/f54fbd9c/attachment.html>


More information about the discuss mailing list