News

Qualys security researchers discover vulnerability in OpenSSH client

By admin
Spread the love

Qualys security researchers have identified a vulnerability in the OpenSSH client. This makes it possible for an attacker to use a malicious ssh server to read the memory of the client, which, among other things, can leak security keys.

The Undeadly site reports that versions 5.4 to 7.1 of the OpenSSH client are affected by the vulnerability, which has been identified as cve-2016-0777. A patch is now available in the 7.1p2 release of the software.

Authenticating the server’s host key would ensure that the vulnerability cannot be used by a man-in-the-middle attack, but only through a malicious or infected server. As an alternative to the patch, users can add ‘UseRoaming no’ to their ssh configuration file or use the ‘-oUseRoaming=no’ parameter with the ssh command from the command line.

The bug is said to have been caused by experimental code for resuming secure ssh connections in OpenSSH’s client software. However, the code never made it into the server software.

You might also like
News

Rumor: Apple is working on its own applications based on a large language model

News

EU Council determines position on security requirements for digital products

News

Samsung develops first GDDR7 chips, mentions bandwidths of up to 32Gbit/s per pin

News

Meta introduces open source language model Llama 2, works on PCs and phones

News

Nvidia releases GeForce RTX 4060 Ti variant with 16GB memory

News

Logitech acquires stream controller maker Loupedeck