Critical Vulnerability in OpenSSH

During the past week, two serious security vulnerabilities were discovered in OpenSSH, the widely used implementation of the SSH network protocol for secure data transmission and remote access. Attackers who exploit these vulnerabilities gain access to the memory of a client that believes it is connected to a secure server. In this way, a lot of critical data, including the user keys that keep the communication safe, can be exposed.

All versions of OpenSSH between 5.4 and 7.1 are affected by these vulnerabilities. Researchers pointed out that version 5.4 was released in 2010, emphasizing that CVE-2016-0777 and CVE-2016-0778 have gone unpatched for 6 years. With 0777, a compromised SSH server that appears to be secure can take sensitive information from the client, while 0778 lets attackers exploit a buffer overflow.

As patches for Linux and Unix systems begin to be released, users are advised to turn off roaming on their SSH clients to avoid being affected.
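
One way to check whether a client still needs the roaming workaround, as an added example that is not part of the original post. It assumes the workaround is the OpenSSH client option `UseRoaming no` (the post does not name the setting); the function names are illustrative.

```shell
#!/bin/sh
# Added example: audit an SSH client for the roaming workaround.

# True when an `ssh -V` banner falls in the 5.4 to 7.1 range named above.
# Distribution packages may carry backported fixes, so treat this as a hint.
version_affected() {
    ver=$(printf '%s\n' "$1" | sed -n 's/^OpenSSH_\([0-9]*\)\.\([0-9]*\).*/\1 \2/p')
    [ -n "$ver" ] || return 2            # not an OpenSSH banner
    set -- $ver                          # $1 = major, $2 = minor
    n=$(( $1 * 100 + $2 ))
    [ "$n" -ge 504 ] && [ "$n" -le 701 ]
}

# Exit 0: "UseRoaming no" set globally (top of file or under "Host *").
# Exit 2: some block sets "UseRoaming yes". Exit 1: option not set globally.
roaming_disabled() {
    awk '
        BEGIN { global = 1 }
        /^[ \t]*#/ { next }                       # comment line
        { gsub(/=/, " "); kw = tolower($1); val = tolower($2) }
        kw == "host"  { global = (NF == 2 && $2 == "*") }
        kw == "match" { global = 0 }
        kw == "useroaming" && val == "yes" { on = 1 }
        kw == "useroaming" && val == "no" && global { off = 1 }
        END { exit (on ? 2 : (off ? 0 : 1)) }
    ' "$1"
}

# $1 = `ssh -V` banner, remaining arguments = client config files to inspect.
# Returns 0 when no action is needed, 1 when the workaround is still missing.
audit_client() {
    banner=$1; shift
    version_affected "$banner" || { echo "OK: $banner not in the 5.4-7.1 range"; return 0; }
    found=1
    for cfg in "$@"; do
        [ -r "$cfg" ] || continue
        rc=0; roaming_disabled "$cfg" || rc=$?
        [ "$rc" -eq 2 ] && { echo "AT RISK: $cfg enables roaming"; return 1; }
        [ "$rc" -eq 0 ] && found=0
    done
    [ "$found" -eq 0 ] && { echo "OK: roaming disabled globally"; return 0; }
    echo "AT RISK: $banner has no global 'UseRoaming no'"
    return 1
}

# On a real host (default OpenSSH paths; adjust as needed):
#   audit_client "$(ssh -V 2>&1)" "$HOME/.ssh/config" /etc/ssh/ssh_config
```

The check is deliberately conservative: a `UseRoaming no` that applies only to one named host does not count, and any `UseRoaming yes` in a readable file is reported.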
