The (1) roaming_read and (2) roaming_write functions in roaming_common.c in the client in OpenSSH 5.x, 6.x, and 7.x prior to 7.1p2, when certain proxy and forward options are enabled, do not properly maintain connection file descriptors, which allows remote servers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact by requesting many forwardings.
Vulnerable Product |
---|
oracle solaris 11.3 |
oracle linux 7 |
openbsd openssh 5.4 |
openbsd openssh 5.5 |
openbsd openssh 6.6 |
openbsd openssh 6.7 |
openbsd openssh 6.2 |
openbsd openssh 6.9 |
openbsd openssh 6.8 |
openbsd openssh 5.7 |
openbsd openssh 6.0 |
openbsd openssh 6.3 |
openbsd openssh 6.1 |
openbsd openssh 5.9 |
openbsd openssh 6.5 |
openbsd openssh 7.0 |
openbsd openssh 5.6 |
openbsd openssh 7.1 |
openbsd openssh 5.8 |
openbsd openssh 6.4 |
apple mac os x |
hp virtual customer access system |
sophos unified threat management software 9.353 |

Screen OS not affected
The next vendor to kill off the OpenSSH roaming bug announced in January is Juniper Networks. The bug's best bit, as we noted at the time, was that the roaming feature had been added as an experiment back in 2010 (in version 5.4), and was undocumented. The idea of roaming is to maintain an OpenSSH session if there was a connection interruption – which happens quite often in the mobile world, when for example a client moves between cell towers / base stations. In its analysis of the bug, Qualys...
And consider regenerating your keys just in case
Malicious OpenSSH servers can silently steal people's private SSH keys as they try to login, it emerged today. This means criminals who compromise one server can secretly grab keys needed to log into other systems from a user's computer – allowing crooks to jump from server to server. The security cockup, present in the default configuration of OpenSSH, has been patched today, and all users and administrators are urged to update as soon as possible. SSH keys are an alternative to passwords: yo...