
Re: [LUG] SSH vuln..

 

On Thursday 14 Jan 2016 17:33:46 Gordon Henderson wrote:
> Probably OK unless you ssh to compromised hosts, but edit your
> /etc/ssh/ssh_config until you get an updated ssh.
> 
> =-=-=-=
> 
> More info's now been released...
> 
> http://undeadly.org/cgi?action=article&sid=20160114142733

The grubby details in the Qualys paper mean it is extremely unlikely any of my 
machines would leak a secret key this way, and I'd know about it if it had 
happened.

Got a lot of attention, and probably rightfully so, memory leak in a feature 
hardly anyone uses - remind you of anything - but I think the real-world 
exploitability is pretty low. I flagged it as "keep an eye on the regular 
patching to make sure it gets patched".

https://www.qualys.com/2016/01/14/cve-2016-0777-cve-2016-0778/openssh-cve-2016-0777-cve-2016-0778.txt
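
An added example, not part of either post: the quoted advice to edit ssh_config does not name the setting, so this sketch assumes the publicly documented workaround for CVE-2016-0777/0778, `UseRoaming no`, and checks whether it is the effective value for a given host. The sample configs are constructed, the function names are hypothetical, and `Match` blocks are skipped as a simplification.

```python
import fnmatch

# Constructed sample configs (not taken from the thread).
USER_CFG = """
Host build-*
    UseRoaming yes
Host *
    UseRoaming no
"""
SYSTEM_CFG = """
Host *
    SendEnv LANG LC_*
"""

def host_matches(patterns, host):
    """Host semantics: a matching negated pattern (!p) vetoes the block;
    otherwise at least one positive pattern must match."""
    matched = False
    for p in patterns:
        if p.startswith("!"):
            if fnmatch.fnmatchcase(host, p[1:]):
                return False
        elif fnmatch.fnmatchcase(host, p):
            matched = True
    return matched

def effective_useroaming(config_text, host):
    """Return the first UseRoaming value that applies to host, or None if unset."""
    applies = True  # lines before the first Host block apply to every host
    for raw in config_text.splitlines():
        parts = raw.strip().replace("=", " ", 1).split()
        if not parts or parts[0].startswith("#"):
            continue
        keyword, args = parts[0].lower(), parts[1:]
        if keyword == "host":
            applies = host_matches(args, host)
        elif keyword == "match":
            applies = False  # simplification: Match criteria are not evaluated
        elif keyword == "useroaming" and applies and args:
            return args[0].lower()
    return None

def roaming_disabled(config_texts, host):
    """Configs are given in the order ssh reads them (user file, then system
    file); the first value obtained wins. Unset counts as not mitigated."""
    for text in config_texts:
        value = effective_useroaming(text, host)
        if value is not None:
            return value == "no"
    return False
```

The `build-*` case shows why a single `Host *` line at the end of a file is not enough: an earlier, more specific block that sets the option wins.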


-- 
The Mailing List for the Devon & Cornwall LUG
http://mailman.dclug.org.uk/listinfo/list
FAQ: http://www.dcglug.org.uk/listfaq