Flaw allows malicious OpenSSH servers to steal users' private SSH keys (Help Net Security)
2016-01-15 09:25

Qualys researchers have discovered two vulnerabilities in the popular OpenSSH implementation of the secure shell protocol, one of which (CVE-2016-0777) could be exploited by attackers to extract users...


News URL

http://feedproxy.google.com/~r/HelpNetSecurity/~3/sUDrcrYphz4/secworld.php

Related Vulnerability

DATE: 2016-01-14
CVE: CVE-2016-0777
VULNERABILITY TITLE: Information Exposure vulnerability in multiple products
RISK: 6.5 (network, low complexity)
Vendors: sophos, oracle, openbsd, hp, apple
CWE: CWE-200

The resend_bytes function in roaming_common.c in the client in OpenSSH 5.x, 6.x, and 7.x before 7.1p2 allows remote servers to obtain sensitive information from process memory by requesting transmission of an entire buffer, as demonstrated by reading a private key.

Related vendor

VENDOR LAST 12M #/PRODUCTS LOW MEDIUM HIGH CRITICAL TOTAL VULNS
SSH 7 2 8 4 1 15