Tag: CVE-2016-0777

Protecting Against CVE-2016-0777 and CVE-2016-0778

Posted on January 15, 2016 by dpepper

Category: Security Bulletins | Tags: CVE-2016-0777, CVE-2016-0778, SSH

Reading Time: 2 minutes

Overview

A flaw in OpenSSH, discovered and reported by Qualys on Jan. 14, 2016, could potentially allow an information leak (CVE-2016-0777) or buffer overflow (CVE-2016-0778) via the OpenSSH client. Specifically, an undocumented feature called roaming, introduced in OpenSSH version 5.4, can be exploited to expose a client’s private SSH key.

Continue reading →