Reference: CERT-EU Security Advisory 2016-50

Short Summary
--------------

Since version 5.4 (released on March 8, 2010), the OpenSSH client supports an undocumented feature called roaming: if the connection to an SSH server breaks unexpectedly, and if the server supports roaming as well, the client is able to reconnect to the server and resume the suspended SSH session. [1]

Data leakage vulnerability: a memory disclosure can take place and the client's private keys can be stolen by the server. Exploitation is possible when "roaming" is enabled in the client, which it is by default. [1]

Buffer-overflow vulnerability: a heap-based memory attack by the server can exploit the client. Exploitation is possible with default settings on the client and two non-default options: a ProxyCommand, and either ForwardAgent (-A) or ForwardX11 (-X). [1]

CVE reference: CVE-2016-0777, CVE-2016-0778
Affected platforms: OpenSSH
Version: between 5.4 and 7.1
Date found: 2016-01-14
Security risk: Medium
Vendor Status: Notified / Patch unavailable

Systems affected
-----------------

OpenSSH client versions between 5.4 and 7.1.

Impact
-------

Exploitation of the OpenSSH client software can lead to the attacker retrieving the client's private keys, or to other attacks through the buffer overflow.

Solutions
----------

There is an easy fix: set the undocumented option "UseRoaming" to "no". Alternatively, as of version 7.1p2 (released on January 14, 2016), the roaming feature is disabled by default. Users are also strongly advised to regenerate their SSH keys accordingly.

Additional References
-----------------------

[1] Qualys: https://www.qualys.com/2016/01/14/cve-2016-0777-cve-2016-0778/openssh-cve-2016-0777-cve-2016-0778.txt
[2] Redhat: https://access.redhat.com/articles/2123781

CERT-EU (http://cert.europa.eu)
Phone: +32.2.2990005 / e-mail: cert-eu@ec.europa.eu
PGP KeyID 0x46AC4383 FP: 9011 6BE9 D642 DD93 8348 DAFA 27A4 06CA 46AC 4383