The vulnerability described in this report has been patched, and the affected feature disabled, on our servers. Please be advised of this in case your PCI compliance managers ask.
Two critical vulnerabilities in the OpenSSH client were disclosed recently, tracked as CVE-2016-0777 and CVE-2016-0778. OpenSSH client versions 5.4 through 7.1 are affected; the fix shipped in OpenSSH 7.1p2.
The bugs are in the client's undocumented connection "roaming" feature. This is a client-side problem: when a vulnerable ssh client connects to a malicious or compromised server, that server can read the client's memory, including the private keys the client uses to authenticate. Any machine running an affected OpenSSH client is exposed, whether it runs Linux, FreeBSD, OpenBSD or macOS, and that includes your server if you use its ssh client to connect to other hosts.
To protect yourself we strongly recommend that you update your OpenSSH client and disable the roaming feature in the client configuration on every machine from which you run ssh. On your server, connect via SSH and execute the following command as root:
# echo -e 'Host *\nUseRoaming no' >> /etc/ssh/ssh_config
Alternatively, add the directive "UseRoaming no" to /etc/ssh/ssh_config by hand (or to ~/.ssh/config to cover a single user). ssh applies options on a first-match-wins basis, so make sure no earlier line in the file already sets UseRoaming to yes, otherwise the appended line has no effect. The echo -e form above relies on bash; under a plain POSIX shell use printf 'Host *\nUseRoaming no\n' instead.
You should also update the OpenSSH client to the latest version available through your distribution's package manager. Note that distributions frequently backport the fix without changing the upstream version number reported by ssh -V, so check the package changelog or your vendor's advisory rather than relying on the version string alone.
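The following script ties the two steps above together: it reports whether an OpenSSH client version string falls in the affected range, and it appends the "Host *" / "UseRoaming no" block to a client config file exactly once, refusing to append when an earlier UseRoaming directive would override it. This is an added example written for this notice, not a tool from the original advisory or from the OpenSSH project; it assumes a POSIX shell, that the config path is passed as the first argument (default /etc/ssh/ssh_config), and that the version-range check is only a hint, since distributions backport the fix without bumping the version.

```shell
#!/bin/sh
# Added example for this notice (not from the original advisory or OpenSSH).
# Assumes a POSIX sh; config path is the first argument.

# openssh_client_affected VERSION
# Returns 0 (true) when VERSION, as printed by `ssh -V` (e.g. 7.1p1, 6.6.1p1,
# 5.3p1), falls in the 5.4 .. 7.1 range covered by CVE-2016-0777/0778.
# 7.1p2 is the release carrying the fix, so it is reported as not affected.
openssh_client_affected() {
    v=$1
    base=${v%%p*}            # drop the portable suffix: 7.1p2 -> 7.1
    patch=${v#"$base"}       # the suffix itself: p2 (empty if none)
    major=${base%%.*}        # 7
    rest=${base#*.}          # 1 (or "6.1" for 6.6.1)
    minor=${rest%%.*}        # 1
    [ "$major" = "$base" ] && minor=0   # a bare "7" has no minor part
    num=$((major * 100 + minor))
    if [ "$num" -lt 504 ] || [ "$num" -gt 701 ]; then
        return 1
    fi
    if [ "$num" -eq 701 ]; then
        case $patch in p[2-9]*) return 1 ;; esac
    fi
    return 0
}

# installed_openssh_version
# Prints the upstream version of the ssh client on PATH, e.g. "7.1p2".
installed_openssh_version() {
    ssh -V 2>&1 | sed -n 's/^OpenSSH_\([^ ,]*\).*/\1/p'
}

# roaming_disabled CONFIG
# Returns 0 when CONFIG already contains an uncommented "UseRoaming no".
roaming_disabled() {
    grep -Eiq '^[[:space:]]*UseRoaming[[:space:]]+no' "$1" 2>/dev/null
}

# disable_roaming CONFIG
# Appends a global "Host *" block with "UseRoaming no" exactly once.
# ssh_config is first-match-wins: an earlier UseRoaming line would override
# anything appended later, so that case is reported instead of silently
# adding a line that does nothing.
disable_roaming() {
    cfg=$1
    if grep -Eiq '^[[:space:]]*UseRoaming' "$cfg" 2>/dev/null; then
        if roaming_disabled "$cfg"; then
            return 0                       # already done, nothing to change
        fi
        echo "$cfg: an existing UseRoaming directive is not 'no'; edit it by hand" >&2
        return 2
    fi
    printf '\nHost *\n    UseRoaming no\n' >> "$cfg"
}

# Only act when a config path is given, so sourcing the file is side-effect free.
if [ -n "${1:-}" ]; then
    ver=$(installed_openssh_version)
    if [ -n "$ver" ] && openssh_client_affected "$ver"; then
        echo "ssh client $ver is in the affected range (unless your vendor backported the fix)"
    fi
    disable_roaming "$1" && echo "roaming disabled in $1"
fi
```

Run it as `sh disable-roaming.sh /etc/ssh/ssh_config` as root, or against `~/.ssh/config` as an ordinary user. A version reported as affected still warrants a look at the package changelog, because a patched 6.6.1p1 from your distribution prints the same string as an unpatched one.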
You will find more details on these vulnerabilities on the following pages:
– https://access.redhat.com/
– https://cve.mitre.org/cgi-bin/
– https://cve.mitre.org/cgi-bin/
Please feel free to contact us if you need any assistance or you have any further questions.