Protecting Against CVE-2016-0777 and CVE-2016-0778

Reading Time: 2 minutes

Overview

A flaw in OpenSSH, discovered and reported by Qualys on Jan. 14, 2016, could potentially allow an information leak (CVE-2016-0777) or buffer overflow (CVE-2016-0778) via the OpenSSH client. Specifically, an undocumented feature called roaming, introduced in OpenSSH version 5.4, can be exploited to expose a client’s private SSH key.

Continue reading “Protecting Against CVE-2016-0777 and CVE-2016-0778”