[Yeti DNS Discuss] OpenSSH: client bugs CVE-2016-0777 and CVE-2016-0778
dbgong at biigroup.cn
Fri Jan 15 04:49:47 UTC 2016
OpenSSH: client bugs
* SECURITY: ssh(1): The OpenSSH client code between 5.4 and 7.1
contains experimential support for resuming SSH-connections (roaming).
The matching server code has never been shipped, but the client
code was enabled by default and could be tricked by a malicious
server into leaking client memory to the server, including private
client user keys.
The authentication of the server host key prevents exploitation
by a man-in-the-middle, so this information leak is restricted
to connections to malicious or compromised servers.
MITIGATION: For OpenSSH >= 5.4 the vulnerable code in the client
can be completely disabled by adding 'UseRoaming no' to the global
ssh_config(5) file, or to user configuration in ~/.ssh/config,
or by passing -oUseRoaming=no on the command line.
please refer http://undeadly.org/cgi?action=article&sid=20160114142733
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the discuss