OpenSSH – Information-leak vulnerability (CVE-2016-0777)

Vulnerability

Since version 5.4, the OpenSSH client supports an undocumented feature called roaming. If a connection to an SSH server breaks unexpectedly, and if the SSH server supports roaming as well, the client is able to reconnect to the server and resume the interrupted SSH session. The roaming feature is enabled by default in OpenSSH clients, even though no OpenSSH server version implements the roaming feature.

  • RHEL / CentOS 4, 5 and 6 are not affected by this flow.
  • If you are using RHEL 7 / CentOS 7 with OpenSSH 6.4 you need to update it to OpenSSH 6.6 latest as soon as possible.

Links

Red Hat Article Link
Fixed version details

0 0 votes
Article Rating
Subscribe
Notify of
guest
0 Comments
Oldest
Newest Most Voted
Inline Feedbacks
View all comments
0
Would love your thoughts, please comment.x
()
x
Scroll to Top