#OpenSSH: client allow a malicious #SSH server to steal the client’s private keys.

This is the most serious bug you’ll hear about this week: The issue dubbed CVE-2016-0777 has been identified and fixed in #OpenSSH.

Affects all #OpenSSH 5.4 – 7.1: Apply the workaround and wait for an upcoming release.
# echo 'UseRoaming no' >> /etc/ssh/ssh_config
The information leak is exploitable in the default configuration of certain versions of the OpenSSH client and could (depending on the client’s version, compiler, and operating system) allow a malicious #SSH server to steal the client’s private keys.

More information: http://s.ibscc.net/ity9A

Share on telegram
Share on whatsapp
Share on facebook
Share on twitter
Share on linkedin
Share on email

internet business solutions