Business

News

 
More...

Alerts

 
More...

Events

 
More...
 
     
 

Multiple Vulnerabilities in OpenSSH

 

Systems Affected


OpenSSH version 5.4 to 7.1.

Threat Level


High


Overview


Multiple vulnerabilities have been reported in OpenSSH that could allow an authenticated, remote attacker to obtain potentially sensitive information and execute arbitrary code on the targeted system.


Description


1. Client Information leak vulnerability ( CVE-2016-0777 )
This vulnerability exists in the OpenSSH client due to improper use of roaming connection feature by the resend_bytes function in roaming_common.c. A remote attacker could exploit this vulnerability to leak portion of memory (possibly including SSH keys) of a successfully authenticated OpenSSH client.

2. Buffer overflow vulnerability ( CVE-2016-0778 )
This vulnerability exists in the OpenSSH client due to improper handling of the connection file descriptors by the roaming_read and roaming_write functions in roaming_common.c. A remote attacker could exploit this vulnerability by triggering a buffer overflow flaw in the connected client while using ProxyCommand, ForwardAgent, or ForwardX11.

Successful exploitation of this vulnerability could allow a remote attacker to cause denial of service conditions (heap-based buffer overflow) or possibly have other unspecified impact.


Impact



Solution/ Workarounds


Apply appropriate patches as mentioned in http://www.openssh.com/txt/release-7.1p2


References


http://www.cert-in.org.in/


Disclaimer


The information provided herein is on "as is" basis, without warranty of any kind.The information provided herein is on "as is" basis, without warranty of any kind.


 
     

© Copyright Sri Lanka CERT|CC. All Rights Reserved.