OpenSSH – Information-leak vulnerability (CVE-2016-0777)

16 January 2016 | Hot News, SysAdmin

Vulnerability

Since version 5.4, the OpenSSH client supports an undocumented feature called roaming. If a connection to an SSH server breaks unexpectedly, and if the SSH server supports roaming as well, the client is able to reconnect to the server and resume the interrupted SSH session. The roaming feature is enabled by default in OpenSSH clients, even though no OpenSSH server version implements the roaming feature.

  • RHEL / CentOS 4, 5 and 6 are not affected by this flaw.
  • If you are using RHEL 7 / CentOS 7 with OpenSSH 6.4, update to the latest OpenSSH 6.6 packages as soon as possible.
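As an added example (this script is not part of the original post and not Red Hat's or the OpenSSH project's code), the following POSIX sh helper turns the two facts above into a check an administrator can run on a fleet: it parses the version out of an `ssh -V` banner, decides whether the client is new enough (5.4 or later, as stated above) to carry the roaming code, and looks for an active `UseRoaming no` line in the client configuration. `UseRoaming` is the real OpenSSH client option that switches the feature off; it is not mentioned on this page, so treat it as an assumption of the example. The banner and config file used in the demonstration are constructed inline so the script runs offline.

```shell
#!/bin/sh
# Added example: assess an OpenSSH client for the roaming feature behind
# CVE-2016-0777.  "UseRoaming" is the client option that disables roaming;
# the option is assumed here, it does not appear in the post itself.

# Extract the numeric client version (e.g. "6.4") from an "ssh -V" banner
# such as "OpenSSH_6.4p1, OpenSSL 1.0.1e-fips 11 Feb 2013".
openssh_version_from_banner() {
    printf '%s\n' "$1" | sed -n 's/^OpenSSH_\([0-9][0-9]*\.[0-9][0-9]*\).*/\1/p'
}

# Return 0 (true) when the version is 5.4 or newer, i.e. the client build
# contains the roaming code described in the post.
roaming_capable() {
    major=${1%%.*}
    minor=${1#*.}
    [ "$major" -gt 5 ] || { [ "$major" -eq 5 ] && [ "$minor" -ge 4 ]; }
}

# Return 0 when the given ssh_config file contains an active (uncommented)
# "UseRoaming no" line; option names are matched case-insensitively, as
# OpenSSH itself does.
roaming_disabled_in() {
    grep -Eiq '^[[:space:]]*UseRoaming[[:space:]]+no[[:space:]]*$' "$1"
}

# Print a verdict for one banner and one config file.  Returns 0 when no
# action is needed and 1 when the client still has roaming enabled.
check_client() {
    banner=$1
    config=$2
    version=$(openssh_version_from_banner "$banner")
    if [ -z "$version" ]; then
        echo "could not parse an OpenSSH version from: $banner"
        return 1
    fi
    if ! roaming_capable "$version"; then
        echo "OpenSSH $version predates roaming: not affected"
        return 0
    fi
    if roaming_disabled_in "$config"; then
        echo "OpenSSH $version: roaming disabled in $config"
        return 0
    fi
    echo "OpenSSH $version: roaming enabled; add 'UseRoaming no' to $config and update to a fixed package"
    return 1
}

# Constructed demonstration input: a RHEL 7 style 6.4 banner and a config
# that already disables roaming.  On a real host use:
#   check_client "$(ssh -V 2>&1)" /etc/ssh/ssh_config
SAMPLE_BANNER='OpenSSH_6.4p1, OpenSSL 1.0.1e-fips 11 Feb 2013'
SAMPLE_CONFIG=$(mktemp)
printf 'Host *\n    UseRoaming no\n' > "$SAMPLE_CONFIG"
check_client "$SAMPLE_BANNER" "$SAMPLE_CONFIG" || true
rm -f "$SAMPLE_CONFIG"
```

Note that `ssh -V` writes its banner to stderr, hence the `2>&1` in the usage comment. The version test only tells you the roaming code is compiled in; whether a given package is patched is decided by the vendor's fixed package version (see the links below), so the script recommends both disabling the option and updating.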

Links

Red Hat Article Link
Fixed version details
