Call it an experiment gone wrong: a bug in a test feature of the OpenSSH client was found today to be exploitable, potentially leaking cryptographic keys to malicious attackers. First discovered and announced by the Qualys Security Team, the vulnerability affects OpenSSH versions 5.4 through 7.1. Here's what you need to know about the bug, including remediation tips.
The flaw involves the accidental inclusion of experimental client-side roaming support in the OpenSSH client, even though the feature was disabled on the server side years ago. Roaming essentially enables users to resume broken SSH connections. Unfortunately, a maliciously configured server can exploit a bug in the client and capture its memory contents, including any private encryption keys used for SSH connections. OpenSSH's advisory note offers detailed information on how to patch the vulnerable client, as well as instructions for manually disabling SSH roaming.
To fix the vulnerability, download and apply the security patch. Alternatively, you can add the option "UseRoaming no" to the /etc/ssh/ssh_config file (or the user's ~/.ssh/config):
# echo -e 'Host *\nUseRoaming no' >> /etc/ssh/ssh_config
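As an added example (not part of the original article or the OpenSSH advisory), the script below checks the two things the remediation depends on: whether a client's version banner falls in the 5.4 to 7.1 range, and whether a config file really disables roaming for every host. The function names, the sample banner and the sample config are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the OpenSSH advisory. Function names are hypothetical.

# Exit 0 if an `ssh -V 2>&1` banner reports a major.minor inside the 5.4 - 7.1
# range given above. Patched distro builds can keep a number in this range, so
# a hit means "check the vendor advisory", not "confirmed vulnerable".
version_in_affected_range() {
    ver=$(printf '%s\n' "$1" |
        sed -n 's/^OpenSSH_\([0-9][0-9]*\)\.\([0-9][0-9]*\).*/\1 \2/p')
    [ -n "$ver" ] || return 2            # banner not recognised
    set -- $ver                          # $1 = major, $2 = minor
    n=$(( $1 * 100 + $2 ))
    [ "$n" -ge 504 ] && [ "$n" -le 701 ]
}

# Exit 0 only if the first UseRoaming that applies to every host is "no".
# ssh_config uses the first value obtained, so a later "no" does not override
# an earlier "yes". Only top-of-file and plain "Host *" scope count as global.
roaming_disabled() {
    awk '
        { sub(/^[ \t]+/, ""); line = tolower($0) }
        line == "" || line ~ /^#/ { next }
        line ~ /^(host|match)[ \t=]/ {
            global = (line ~ /^host[ \t=]+\*[ \t]*$/); next
        }
        global && line ~ /^useroaming[ \t=]/ {
            sub(/^useroaming[ \t=]+/, "", line); gsub(/[" \t]/, "", line)
            found = 1; ok = (line == "no"); exit
        }
        END { exit !(found && ok) }
    ' global=1 "$1"
}

# Demo on constructed input: a sample banner and a config with the workaround.
demo() {
    cfg=$(mktemp)
    printf 'Host *\nUseRoaming no\n' > "$cfg"
    banner='OpenSSH_6.6.1p1 Ubuntu-2ubuntu2, OpenSSL 1.0.1f 6 Jan 2014'
    if ! version_in_affected_range "$banner"; then
        echo "version outside 5.4 - 7.1"
    elif roaming_disabled "$cfg"; then
        echo "version in range, roaming disabled for all hosts"
    else
        echo "version in range, roaming NOT disabled: patch or set UseRoaming no"
    fi
    rm -f "$cfg"
}
demo
```

Run `roaming_disabled` against both /etc/ssh/ssh_config and each user's ~/.ssh/config, since the per-user file is read first and an earlier setting there takes precedence.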
The following CVEs have been assigned to the issues related to the bug:
- CVE-2016-0777: An information leak (memory disclosure) can be exploited by a rogue SSH server to trick a client into leaking sensitive data from the client memory, including, for example, private keys.
- CVE-2016-0778: A buffer overflow (leading to a file descriptor leak) can also be exploited by a rogue SSH server, but because of another bug in the code it is possibly not exploitable, and only under certain conditions (not the default configuration): when using ProxyCommand, ForwardAgent or ForwardX11.
Does This New OpenSSH Flaw Sound Familiar?
The OpenSSL Heartbleed vulnerability similarly gives attackers the ability to read the RAM contents of vulnerable computers. However, the OpenSSH roaming bug is considered less severe, as it is only exploitable after a vulnerable client connects to a malicious server. That said, Canonical, maker of the popular Ubuntu Linux, stated in an advisory that versions 12.04, 14.04, 15.04, and 15.10 of its OS contain the bug. Additionally, some versions of Red Hat Enterprise Linux (RHEL) 7 prior to March 2015 are also impacted.
Don't fall victim to vulnerabilities that can leave critical data like cryptographic keys up for grabs. UpGuard's platform for continuous security monitoring ensures that your entire infrastructure is free from SSH vulnerabilities like Heartbleed and the roaming bug, among others. Get a guided demo of UpGuard for free.
Sources
https://www.undeadly.org/cgi?action=article&sid=20160114142733
https://lists.debian.org/debian-security-announce/2016/msg00015.html
https://www.zdnet.com/article/serious-security-flaw-found-in-openssh-puts-private-keys-at-risk/