OpenSSH Flaw Exposes Linux to Roaming Risk
The open-source OpenSSH project today announced a critical update, patching a pair of vulnerabilities that an attacker could have used to steal user information. OpenSSH is a widely used and deployed technology that is intended to enable secure remote access to a system. OpenSSH is an implementation of the SSH (Secure Shell) protocol 2.0 that can run on both client and server systems and is typically included in all major Linux distributions.
“The OpenSSH client code between 5.4 and 7.1 contains experimental support for resuming SSH-connections (roaming),” the OpenSSH project advisory on the update states. “The matching server code has never been shipped, but the client code was enabled by default and could be tricked by a malicious server into leaking client memory to the server, including private client user keys.”
Security firm Qualys first reported the roaming vulnerability to the OpenSSH project and has identified the flaw as CVE-2016-0777.
“The information leak is exploitable in the default configuration of the OpenSSH client, and (depending on the client’s version, compiler, and operating system) allows a malicious SSH server to steal the client’s private keys,” Qualys warns in its advisory. “This information leak may have already been exploited in the wild by sophisticated attackers, and high-profile sites or users may need to regenerate their SSH keys accordingly.”
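To check whether a client falls in the release range the OpenSSH advisory quotes above (5.4 through 7.1), the following added example (not code from the OpenSSH project or Qualys) classifies `ssh -V` banners. The function names and sample banners are constructed, and a match only means the upstream version number is in range, since a distribution package may carry the fix under an unchanged version string.

```shell
#!/bin/sh
# Added example: classify an OpenSSH client banner against the range
# quoted in the advisory (client code between 5.4 and 7.1).

# Print "major minor" parsed from a banner such as "OpenSSH_6.6.1p1 ...".
openssh_major_minor() {
    printf '%s\n' "$1" |
        sed -n 's/.*OpenSSH_\([0-9][0-9]*\)\.\([0-9][0-9]*\).*/\1 \2/p'
}

# Return 0 if the version is within 5.4..7.1, 1 if outside, 2 if unparseable.
in_roaming_range() {
    set -- $(openssh_major_minor "$1")
    [ $# -eq 2 ] || return 2
    ver=$(( $1 * 100 + $2 ))
    [ "$ver" -ge 504 ] && [ "$ver" -le 701 ]
}

# Print a one-word verdict for a banner.
classify_banner() {
    rc=0
    in_roaming_range "$1" || rc=$?
    case $rc in
        0) echo "in-range" ;;
        1) echo "outside" ;;
        *) echo "unparsed" ;;
    esac
}

# Constructed sample banners, in the format `ssh -V` prints.
for banner in \
    "OpenSSH_5.3p1, OpenSSL 1.0.1e-fips 11 Feb 2013" \
    "OpenSSH_6.6.1p1 Ubuntu-2ubuntu2, OpenSSL 1.0.1f 6 Jan 2014" \
    "OpenSSH_7.1p1, OpenSSL 1.0.2d 9 Jul 2015" \
    "OpenSSH_7.2p2, OpenSSL 1.0.2g 1 Mar 2016"
do
    printf '%-9s %s\n' "$(classify_banner "$banner")" "$banner"
done

# Classify the local client too, if one is installed (`ssh -V` writes to stderr).
if command -v ssh >/dev/null 2>&1; then
    local_banner=$(ssh -V 2>&1)
    printf '%-9s %s (local)\n' "$(classify_banner "$local_banner")" "$local_banner"
fi
```

An "in-range" result is a prompt to confirm against the vendor's package changelog that the update is installed, and, per the Qualys statement above, to consider regenerating keys that were used from that client.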
Submitted by: Arnfried Walbrecht