oss-sec mailing list archives
Re: Qualys Security Advisory - Roaming through the OpenSSH client: CVE-2016-0777 and CVE-2016-0778
From: Jan Schaumann <jschauma () netmeister org>
Date: Thu, 14 Jan 2016 13:11:29 -0500
Qualys Security Advisory <qsa () qualys com> wrote:
Since version 5.4 (released on March 8, 2010), the OpenSSH client supports an undocumented feature called roaming:
Why is version 5.3 not affected? The change appears to have been introduced in http://cvsweb.openbsd.org/cgi-bin/cvsweb/src/usr.bin/ssh/clientloop.c.diff?r1=1.211&r2=1.212 https://github.com/openssh/openssh-portable/commit/c5564e1c4c41ae9af96973e2996e2a4285acbae8#diff-de6290efbc1504e2b727aee24e88db02 on 2009-05-28. OpenSSH 5.3 appears to have been named in https://github.com/openssh/openssh-portable/commit/cd6b1a27cbb9400565811f908ca536937d875b8f on 2009-06-30. I also see: $ ssh -V OpenSSH_5.3p1, OpenSSL 1.0.0-fips 29 Mar 2010 $ ssh -o UseSomeBogusOption=yes `hostname` date command-line: line 0: Bad configuration option: UseSomeBogusOption $ ssh -o UseRoaming=no `hostname` date Thu Jan 14 09:27:24 PST 2016 $ which suggests that OpenSSH 5.3p1 at the very least _knows_ about the UseRoaming option. -Jan
Current thread:
- Qualys Security Advisory - Roaming through the OpenSSH client: CVE-2016-0777 and CVE-2016-0778 Qualys Security Advisory (Jan 14)
- Re: Qualys Security Advisory - Roaming through the OpenSSH client: CVE-2016-0777 and CVE-2016-0778 Jan Schaumann (Jan 14)
- Re: Qualys Security Advisory - Roaming through the OpenSSH client: CVE-2016-0777 and CVE-2016-0778 Qualys Security Advisory (Jan 14)
- Re: Qualys Security Advisory - Roaming through the OpenSSH client: CVE-2016-0777 and CVE-2016-0778 Florian Weimer (Jan 15)
- Re: Qualys Security Advisory - Roaming through the OpenSSH client: CVE-2016-0777 and CVE-2016-0778 Yann Droneaud (Jan 15)
- Re: Qualys Security Advisory - Roaming through the OpenSSH client: CVE-2016-0777 and CVE-2016-0778 Rich Felker (Jan 15)
- Re: Qualys Security Advisory - Roaming through the OpenSSH client: CVE-2016-0777 and CVE-2016-0778 Florian Weimer (Jan 18)
- Re: Qualys Security Advisory - Roaming through the OpenSSH client: CVE-2016-0777 and CVE-2016-0778 Yann Droneaud (Jan 20)
- Re: Qualys Security Advisory - Roaming through the OpenSSH client: CVE-2016-0777 and CVE-2016-0778 Yann Droneaud (Jan 15)
- Re: Qualys Security Advisory - Roaming through the OpenSSH client: CVE-2016-0777 and CVE-2016-0778 Jan Schaumann (Jan 14)
- Re: Qualys Security Advisory - Roaming through the OpenSSH client: CVE-2016-0777 and CVE-2016-0778 Yves-Alexis Perez (Jan 15)