amuck-landowner

OpenSSL Client Vulnerability

HalfEatenPie

HalfEatenPie

The Irrational One
Retired Staff
National Cyber Awareness System:



OpenSSH Client Vulnerability


01/14/2016 07:54 PM EST

 


Original release date: January 14, 2016

OpenSSH version 7.1p2 has been released to address vulnerabilities in versions 5.4 through 7.1p1. Exploitation of one of these vulnerabilities may allow a remote attacker to obtain sensitive information from an affected system.


Users and administrators are encouraged to review the OpenSSH Release Notes and Vulnerability Note VU#456088 and apply the necessary update
Click to expand...



tldr: experimental feature shipped with OpenSSH Client is enabled by default.  Vulnerability involved.  Fixing involves updating or  


echo 'UseRoaming no' >> /etc/ssh/ssh_config


This is unrelated to the OpenSSH Server.


Original Source: http://undeadly.org/cgi?action=article&sid=20160114142733
 
Last edited by a moderator:
You must log in or register to reply here.
Top
amuck-landowner