
OpenSSH cryptographic software fixes dangerous vulnerability

The open source SSH protocol client (OpenSSH) has fixed a dangerous vulnerability with the identifier CVE-2016-0777. This vulnerability is of the Information Disclosure type and was present in the OpenSSH client versions 5.x, 6.x, and 7.x up to version 7.1p2. It was located in the resend_bytes function of the roaming_common.c source file and allowed the server-side process to read part of the client's memory containing confidential data, including material from the private keys the client uses when establishing the secure connection.



The vulnerability affects only the OpenSSH client and is not related to its server part. An attacker who compromises a legitimate SSH server can obtain the client's private keys through a feature called roaming. This feature is enabled by default in the client and allows it to reconnect to the server after a sudden disconnection, which is what attackers use for exploitation.

The published security notice recommends that client users update the software as soon as possible. If this is not possible, the user should disable the roaming function in the OpenSSH configuration file. This can be done with the following commands.
On FreeBSD and Linux:

echo 'UseRoaming no' | sudo tee -a /etc/ssh/ssh_config

On Apple OS X:

echo "UseRoaming no" >> ~/.ssh/config
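
The two one-liners above append the directive unconditionally, and if the file already contains Host or Match blocks the appended line lands inside the last block and applies to that host only. The following is an added example written for this page (not code from the article or from the OpenSSH project): it places UseRoaming no at the top of a config file, where the ssh_config rule that the first obtained value wins makes it apply to every host, and does nothing when it is already there; the function names are my own.

```shell
#!/bin/sh
# Added example, not from the original article. Assumes a POSIX sh with awk.

# Print the value of the first *global* UseRoaming directive in FILE, i.e.
# one that appears before any Host/Match block: "no", "yes", or "" if absent.
# ssh_config keywords are case-insensitive and may use "key=value" form.
global_roaming_value() {
    awk '
        { gsub(/=/, " ") }                                          # key=value -> key value
        tolower($1) == "host" || tolower($1) == "match" { exit }   # leaving global scope
        tolower($1) == "useroaming" { print tolower($2); exit }
    ' "$1" 2>/dev/null
}

# Idempotently disable roaming in FILE by putting "UseRoaming no" on the
# very first line. Because ssh uses the first value obtained for a keyword,
# this overrides any later global "UseRoaming yes" as well.
# Returns 0 if the file ends up with roaming disabled globally, 1 otherwise.
disable_roaming() {
    f=$1
    [ -f "$f" ] || : > "$f"                      # create an empty file if missing
    if [ "$(global_roaming_value "$f")" != "no" ]; then
        tmp="$f.tmp.$$"
        { printf 'UseRoaming no\n'; cat "$f"; } > "$tmp" && mv "$tmp" "$f"
    fi
    [ "$(global_roaming_value "$f")" = "no" ]
}
```

Source the file and run disable_roaming ~/.ssh/config (or /etc/ssh/ssh_config as root); running it twice leaves a single directive.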

For the changes to take effect, you should close all active SSH sessions. In addition, users of the OpenSSH client are advised to regenerate their private keys, as they may have been compromised. The latest FreeBSD and OpenBSD releases, as well as Linux distributions such as Debian, Ubuntu, and Red Hat Enterprise Linux (RHEL), already ship an updated version of OpenSSH.

The vulnerability does not affect users of the PuTTY SSH client for Windows. Earlier, Qualys specialists published on their website detailed information about this and other OpenSSH client vulnerabilities, as well as proof-of-concept exploit code.

Be secure.

Source: https://habr.com/ru/post/275183/

