OpenSSH: Information-leak vulnerability (Triple-Seven)

Submitted on 15. January 2016 - 16:17 by rischi.
Last update on 18. January 2016 - 12:57.

IDs:

CVE-2016-0777, CVE-2016-0778

Keywords:

OpenSSH

Description:

OpenSSH clients in version 5.4 - 7.1 are affected by an information leakage vulnerability due to a bug in the undocumented roaming feature. A malicious SSH server may be able to extract the client's private key [1].

Airlock WAF is not affected because the installed OpenSSH software version is not vulnerable.

Resolution:

No action required for Airlock WAF.

Component:

Airlock

Airlock Vulnerability Status:

Does not affect Airlock

Back-end Vulnerability Status:

No action required

Reference:

[1] Red Hat: OpenSSH: Information-leak vulnerability (CVE-2016-0777)

Main menu

Navigation

User menu

You are here

OpenSSH: Information-leak vulnerability (Triple-Seven)

Main menu

Search form

Navigation

User menu

You are here

OpenSSH: Information-leak vulnerability (Triple-Seven)