OpenSSH Flaw Exposes Linux Servers to Roaming Risk
Jan 14, 2016, 19:39
(Other stories by Sean Michael Kerner)
"The OpenSSH client code between 5.4 and 7.1 contains experimental support for resuming SSH-connections (roaming)," the OpenSSH project advisory on the update states. "The matching server code has never been shipped, but the client code was enabled by default and could be tricked by a malicious server into leaking client memory to the server, including private client user keys."
Security firm Qualys first reported the roaming vulnerability to the OpenSSH project and has identified the flaw as CVE-2016-0777.