Is COPSSH affected by the new "UseRoaming" vulnerability?

2 posts / 0 new
Last post
Anonymous
Is COPSSH affected by the new "UseRoaming" vulnerability?

A new vulnerability has been discovered in OpenSSH that permits attackers to obtain sensitive information from authenticated sessions.
This could be exploited through an option called "UseRoaming", that allows the clients to reconnect to the server and resume their interrupted SSH session.
Risk:
-----
High
Impact:
-------
The vulnerability can also allows malicious users to possibly obtain sensitive information, execute arbitrary code, compromise the system and bypass security restrictions as well.
Affected Systems:
-----------------
OpenSSH versions 5.4 to 7.1;

itefix
Offline
Last seen: 22 hours 39 min ago
Joined: 01.05.2008 - 21:33
Worth to mention that the

Worth to mention that the vulnerability affects the ssh client only, not the server. The product edition is updated with the latest OpenSSH fixing this vulnerability.

MITIGATION: For OpenSSH >= 5.4 the vulnerable code in the client can be completely disabled by adding 'UseRoaming no' to the gobal ssh_config(5) file, or to user configuration in ~/.ssh/config, or by passing -oUseRoaming=no on the command line.