Executive Summary
Summary | |
---|---|
Title | openssh security update |
Informations | |||
---|---|---|---|
Name | DSA-3446 | First vendor Publication | 2016-01-14 |
Vendor | Debian | Last vendor Modification | 2016-01-14 |
Severity (Vendor) | N/A | Revision | 1 |
Security-Database Scoring CVSS v3
Cvss vector : N/A | |||
---|---|---|---|
Overall CVSS Score | NA | ||
Base Score | NA | Environmental Score | NA |
impact SubScore | NA | Temporal Score | NA |
Exploitabality Sub Score | NA | ||
Calculate full CVSS 3.0 Vectors scores |
Security-Database Scoring CVSS v2
Cvss vector : (AV:N/AC:H/Au:S/C:P/I:P/A:P) | |||
---|---|---|---|
Cvss Base Score | 4.6 | Attack Range | Network |
Cvss Impact Score | 6.4 | Attack Complexity | High |
Cvss Expoit Score | 3.9 | Authentication | Requires single instance |
Calculate full CVSS 2.0 Vectors scores |
Detail
The Qualys Security team discovered two vulnerabilities in the roaming code of the OpenSSH client (an implementation of the SSH protocol suite). SSH roaming enables a client, in case an SSH connection breaks unexpectedly, to resume it at a later time, provided the server also supports it. The OpenSSH server doesn't support roaming, but the OpenSSH client supports it (even though it's not documented) and it's enabled by default. CVE-2016-0777 An information leak (memory disclosure) can be exploited by a rogue SSH server to trick a client into leaking sensitive data from the client memory, including for example private keys. CVE-2016-0778 A buffer overflow (leading to file descriptor leak), can also be exploited by a rogue SSH server, but due to another bug in the code is possibly not exploitable, and only under certain conditions (not the default configuration), when using ProxyCommand, ForwardAgent or ForwardX11. This security update completely disables the roaming code in the OpenSSH client. It is also possible to disable roaming by adding the (undocumented) option 'UseRoaming no' to the global /etc/ssh/ssh_config file, or to the user configuration in ~/.ssh/config, or by passing -oUseRoaming=no on the command line. Users with passphrase-less privates keys, especially in non interactive setups (automated jobs using ssh, scp, rsync+ssh etc.) are advised to update their keys if they have connected to an SSH server they don't trust. More details about identifying an attack and mitigations will be available in the Qualys Security Advisory. For the oldstable distribution (wheezy), these problems have been fixed in version 1:6.0p1-4+deb7u3. For the stable distribution (jessie), these problems have been fixed in version 1:6.7p1-5+deb8u1. For the testing distribution (stretch) and unstable distribution (sid), these problems will be fixed in a later version. We recommend that you upgrade your openssh packages. |
Original Source
Url : http://www.debian.org/security/2016/dsa-3446 |
CWE : Common Weakness Enumeration
% | Id | Name |
---|---|---|
50 % | CWE-200 | Information Exposure |
50 % | CWE-119 | Failure to Constrain Operations within the Bounds of a Memory Buffer |
CPE : Common Platform Enumeration
Snort® IPS/IDS
Date | Description |
---|---|
2016-03-14 | OpenSSH insecure roaming key exchange attempt RuleID : 37371 - Revision : 3 - Type : SERVER-OTHER |
Nessus® Vulnerability Scanner
Date | Description |
---|---|
2016-03-22 | Name : The remote host is missing a Mac OS X update that fixes multiple vulnerabilit... File : macosx_SecUpd2016-002.nasl - Type : ACT_GATHER_INFO |
2016-03-22 | Name : The remote Mac OS X host is affected by multiple vulnerabilities. File : macosx_10_11_4.nasl - Type : ACT_GATHER_INFO |
2016-03-04 | Name : The remote Fedora host is missing a security update. File : fedora_2016-c330264861.nasl - Type : ACT_GATHER_INFO |
2016-03-04 | Name : The remote Fedora host is missing a security update. File : fedora_2016-67c6ef0d4f.nasl - Type : ACT_GATHER_INFO |
2016-03-04 | Name : The remote Fedora host is missing a security update. File : fedora_2016-2e89eba0c1.nasl - Type : ACT_GATHER_INFO |
2016-02-05 | Name : The remote AIX host has a version of OpenSSH installed that is affected by mu... File : aix_openssh_advisory7.nasl - Type : ACT_GATHER_INFO |
2016-01-29 | Name : The remote Fedora host is missing a security update. File : fedora_2016-4556904561.nasl - Type : ACT_GATHER_INFO |
2016-01-26 | Name : The remote openSUSE host is missing a security update. File : openSUSE-2016-49.nasl - Type : ACT_GATHER_INFO |
2016-01-25 | Name : The remote openSUSE host is missing a security update. File : openSUSE-2016-39.nasl - Type : ACT_GATHER_INFO |
2016-01-25 | Name : The remote openSUSE host is missing a security update. File : openSUSE-2016-38.nasl - Type : ACT_GATHER_INFO |
2016-01-19 | Name : The remote Amazon Linux AMI host is missing a security update. File : ala_ALAS-2016-638.nasl - Type : ACT_GATHER_INFO |
2016-01-19 | Name : The remote Gentoo host is missing one or more security-related patches. File : gentoo_GLSA-201601-01.nasl - Type : ACT_GATHER_INFO |
2016-01-18 | Name : The remote SUSE host is missing one or more security updates. File : suse_SU-2016-0120-1.nasl - Type : ACT_GATHER_INFO |
2016-01-18 | Name : The remote SUSE host is missing one or more security updates. File : suse_SU-2016-0119-1.nasl - Type : ACT_GATHER_INFO |
2016-01-18 | Name : The remote SUSE host is missing one or more security updates. File : suse_SU-2016-0118-1.nasl - Type : ACT_GATHER_INFO |
2016-01-15 | Name : The remote Slackware host is missing a security update. File : Slackware_SSA_2016-014-01.nasl - Type : ACT_GATHER_INFO |
2016-01-15 | Name : The remote Ubuntu host is missing a security-related patch. File : ubuntu_USN-2869-1.nasl - Type : ACT_GATHER_INFO |
2016-01-15 | Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20160114_openssh_on_SL7_x.nasl - Type : ACT_GATHER_INFO |
2016-01-15 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2016-0043.nasl - Type : ACT_GATHER_INFO |
2016-01-15 | Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2016-0043.nasl - Type : ACT_GATHER_INFO |
2016-01-15 | Name : The remote FreeBSD host is missing a security-related update. File : freebsd_pkg_dfe0cdc1baf211e5863ab499baebfeaf.nasl - Type : ACT_GATHER_INFO |
2016-01-15 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-3446.nasl - Type : ACT_GATHER_INFO |
2016-01-15 | Name : The remote Debian host is missing a security update. File : debian_DLA-387.nasl - Type : ACT_GATHER_INFO |
2016-01-15 | Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2016-0043.nasl - Type : ACT_GATHER_INFO |
Alert History
Date | Informations |
---|---|
2016-09-09 00:24:22 |
|
2016-01-21 21:27:46 |
|
2016-01-20 21:25:58 |
|
2016-01-20 00:26:10 |
|
2016-01-16 13:26:30 |
|
2016-01-15 05:27:40 |
|
2016-01-14 17:23:20 |
|