What is the impact of CVE-2016-0777 and CVE-2016-0778 on the ssh client bundled with Centrify-enabled OpenSSH?
Applies To:
Centrify-enabled OpenSSH 5.3.0 and lower on all platforms
Question:
Is the ssh client bundled with Centrify-enabled OpenSSH affected by vulnerabilities CVE-2016-0777 and CVE-2016-0778, and if so, how are they being addressed?
Answer:
Vulnerabilities CVE-2016-0777 and CVE-2016-0778 pertain to a feature known as "roaming" on the ssh client side, which is enabled by default. The vulnerability involves the possibility of a rogue server impersonating the original one through an exploit in this roaming feature, and the ssh client is at risk of leaking information. Since Centrify-enabled OpenSSH ships with the ssh client, we are affected by this vulnerability. It should be noted that the CVSS score is 4.3, which corresponds to a low-risk vulnerability.
There is a workaround to avoid being impacted by this vulnerability via the following ssh client option:
UseRoaming no in ssh_config, or -oUseRoaming=no on the ssh command line.
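To confirm the workaround is in place for every host, the following added example (not part of the original article or of any Centrify tooling) reports the UseRoaming value that applies globally in an ssh_config-style file. The function name roaming_state and the sample file are constructed for illustration.

```shell
#!/bin/sh
# Added example: report the UseRoaming value that applies to all hosts in
# an ssh_config-style file. ssh keeps the first value it obtains for an
# option, so the first UseRoaming line in global scope decides the result.
# Prints: disabled | enabled | unset (unset means the client default applies,
# which the article states is roaming enabled).
roaming_state() {
    awk '
    BEGIN { global = 1; state = "unset" }
    {
        line = $0
        sub(/^[ \t]+/, "", line)                 # strip leading whitespace
        if (line == "" || line ~ /^#/) next      # skip blanks and comments
        if (!match(line, /^[A-Za-z]+/)) next     # keyword (case-insensitive)
        key = tolower(substr(line, 1, RLENGTH))
        val = substr(line, RLENGTH + 1)
        sub(/^[ \t]*=?[ \t]*/, "", val)          # separator: spaces or one "="
        sub(/[ \t]+$/, "", val)
        # Lines before the first Host/Match, or under "Host *", are global.
        if (key == "host")  { global = (val == "*"); next }
        if (key == "match") { global = (tolower(val) == "all"); next }
        if (key == "useroaming" && global && state == "unset")
            state = (val == "no" || val == "false") ? "disabled" : "enabled"
    }
    END { print state }
    ' "$1"
}

# Constructed sample input: the workaround applied under "Host *".
sample=$(mktemp)
printf 'Host *\n    UseRoaming no\n' > "$sample"
echo "sample config: roaming $(roaming_state "$sample")"
rm -f "$sample"
```

A setting placed only inside a host-specific block is reported as unset, because it does not protect connections to other hosts. ssh reads the per-user configuration file before the system-wide one, so check both.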
These vulnerabilities are being addressed in stock OpenSSH 7.1p2. Centrify will adopt this version of OpenSSH in the next release of Centrify Server Suite, 2016.1.
For further reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0777
https://access.redhat.com/security/cve/CVE-2016-0777
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0778