![]() ![]() More details about this and the buffer overflow bug discovered by Qualys and responsibly disclosed to the OpenSSH team can be found in this advisory. Since SSH is often used to automate system administration processes, getting a such a private key would provide very broad access to an infrastructure.” “But if the attacker has control of the SSH server, he can implement the exploit and then gain access to the private keys of the users – these private keys can then be used to impersonate the user and log into other systems. listen on the network is not powerful enough, he explained. A mere MITM position is not enough to run the attack, i.e. This means the attacker is already at system administrator level on the server that users connect to, which is already an exceptional security situation and should be pretty rare. “An attacker has to control the SSH server to implement the attack. The criticality being formally low is similar to Heartbleed, which also has a low CVSS score, but is a very serious vulnerability due to information that can be leaked.” ![]() System administrators can typically install anything they want on the target system including backdoors and malware. “Gaining access to these keys would allow an attacker to pose as owner of the keys, often then with system administration privileges. However, the information disclosed are SSH keys, which are widely used for automation of system administration tasks and interactive logins,” noted Qualys CTO Wolfgang Kandek. “It is an Information Disclosure bug, so on the CVSS scale, it probably it does not rank as critical. The matching server code has never been shipped, but the client code was enabled by default and could be tricked by a malicious server into leaking client memory to the server, including private client user keys,” OpenSSH officials explained in an advisory. “The OpenSSH client code between 5.4 and 7.1 contains experimental support for resuming SSH-connections (roaming). Qualys researchers have discovered two vulnerabilities in the popular OpenSSH implementation of the secure shell protocol, one of which (CVE-2016-0777) could be exploited by attackers to extract users’ private cryptographic keys.
0 Comments
Leave a Reply. |