OpenSSH: Information-leak vulnerability (CVE-2016-0777)


Since version 5.4, the OpenSSH client supports an undocumented feature called roaming. If a connection to an SSH server breaks unexpectedly, and if the SSH server supports roaming as well, the client is able to reconnect to the server and resume the interrupted SSH session. The roaming feature is enabled by default in OpenSSH clients, even though no OpenSSH server version implements the roaming feature.

An information leak flaw was found in the way the OpenSSH client's roaming feature was implemented. The information leak is exploitable in the default configuration of certain versions of the OpenSSH client and could (depending on the client's version, compiler, and operating system) allow a malicious SSH server to steal the client's private keys.

This issue has been assigned CVE-2016-0777, and was rated as having Moderate impact by Red Hat Product Security.

Note that this flaw can only be triggered after successful authentication and therefore can only be exploited by a malicious or compromised SSH server. Man-in-the-middle (MITM) attackers cannot exploit this issue.

Affected Products

  • Red Hat Enterprise Linux 4, 5, and 6 are not affected by this flaw because they include OpenSSH versions older than 5.4, and hence do not implement the roaming feature.
  • Red Hat Enterprise Linux 7 since version 7.1 has provided OpenSSH 6.6, for which the default configuration is not affected by this flaw. OpenSSH 6.6 is only vulnerable to this issue when used with certain non-default ProxyCommand settings. Security update RHSA-2016:0043 corrects this issue.
  • Red Hat Enterprise Linux 7 prior to version 7.1 (released in March 2015) provides OpenSSH 6.4 and is affected regardless of ProxyCommand settings. The OpenSSH packages were updated from version 6.4 to version 6.6 in Red Hat Enterprise Linux 7.1 via RHSA-2015:0425.

Mitigation:

In Red Hat Enterprise Linux 7 you can mitigate this issue by setting the following option in the OpenSSH client's configuration file, either the global one (/etc/ssh/ssh_config) or the user-specific one (~/.ssh/config):

UseRoaming no

The above directive should be placed in the Host * section of the configuration file to use this setting for all SSH servers the client connects to.

You can also set the option via a command line argument when connecting to an SSH server:

-o 'UseRoaming no'
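The following script is an added example and is not part of the Red Hat advisory. It checks whether a client configuration file actually disables roaming for every server (the directive must be in effect globally, i.e. under Host * or before any Host/Match block, and not be overridden by an earlier host-specific UseRoaming yes) and, if it is not, prepends a Host * block carrying UseRoaming no. It assumes a POSIX shell with awk; the file names and sample configurations are constructed for the demonstration.

```shell
#!/bin/sh
# Added example, not from the Red Hat advisory or the OpenSSH project.
# ssh_config semantics assumed here: sections are not exclusive (every
# matching Host/Match block applies) and for each option the FIRST value
# obtained wins, so a directive placed under "Host *" at the top of the
# file takes effect for all servers.

# Print "yes" if UseRoaming is disabled for every host in $1, else "no".
roaming_disabled() {
    cfg=$1
    # A missing file cannot disable anything.
    [ -f "$cfg" ] || { printf 'no\n'; return 0; }
    awk '
        BEGIN { global = 1; decided = ""; override = 0 }
        {
            sub(/#.*/, "")                         # drop comments
            if ($1 ~ /=/ || $2 == "=") gsub(/=/, " ")  # accept Key=Value form
            if (NF < 2) next
            key = tolower($1)
            if (key == "host")  { global = ($2 == "*" && NF == 2); next }
            if (key == "match") { global = 0; next }
            if (key != "useroaming") next
            if (global) {
                # first global value wins, later ones are ignored by ssh
                if (decided == "") decided = (tolower($2) == "no") ? "yes" : "no"
            } else if (tolower($2) != "no") {
                override = 1                       # some host re-enables roaming
            }
        }
        END { print (decided == "yes" && !override) ? "yes" : "no" }
    ' "$cfg"
}

# Prepend "Host *" / "UseRoaming no" to $1 unless roaming is already disabled.
ensure_roaming_disabled() {
    cfg=$1
    [ "$(roaming_disabled "$cfg")" = "yes" ] && return 0
    tmp=$(mktemp) || return 1
    {
        printf 'Host *\n    UseRoaming no\n\n'
        if [ -f "$cfg" ]; then cat "$cfg"; fi
    } > "$tmp" && cat "$tmp" > "$cfg"              # keep inode and permissions
    rm -f "$tmp"
}

# Demonstration on constructed sample configurations (not real client files).
demo() {
    dir=$(mktemp -d)
    printf 'Host *\n    UseRoaming no\n' > "$dir/good"          # as advised
    printf 'Host bastion\n    UseRoaming no\n' > "$dir/partial" # one host only
    printf 'Host *\n    ForwardAgent no\n' > "$dir/missing"     # nothing set
    for f in good partial missing; do
        printf '%s: roaming disabled for all hosts = %s\n' "$f" "$(roaming_disabled "$dir/$f")"
    done
    ensure_roaming_disabled "$dir/missing"
    printf 'missing after fix: %s\n' "$(roaming_disabled "$dir/missing")"
    rm -rf "$dir"
}
demo
```

The fix prepends the block rather than appending it because a host-specific UseRoaming yes earlier in the file would otherwise still win for that host; prepending puts the global value first so it applies everywhere, which is the intent of the advisory's Host * guidance. Run roaming_disabled against both /etc/ssh/ssh_config and ~/.ssh/config, since either file can carry the directive.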

Resolution:

Security update RHSA-2016:0043 has been released to correct this issue.

References:

Qualys Security Advisory
Upstream announcement

Acknowledgements:

Red Hat would like to thank Qualys for reporting this issue.
