Critical OpenSSH vulnerability

by | Jan 18, 2016

Security experts have discovered a critical vulnerability in OpenSSH which affects versions from 5.4 to 7.1 and it allows attackers to steal encrypted private keys.

A new OpenSSH version has been released to patch this vulnerability, so it is strongly recommended to update to this new release. Another option is to deactivate the vulnerable code adding "UseRoaming no” option in ssh_config file.

The affected versions have experimental support to restart SSH connections and the client code was activated by default. This configuration allows malicious servers to leak memory to the server, including user’s private keys.

OpenSSH is a Secure Shell (SSH) implementation, a protocol which helps to secure network communications via the encryption of network traffic over multiple authentication methods and by providing secure tunneling capabilities. It can be implemented to different Linux-based OS, such as Ubuntu and Mac OS X.




Submit a Comment

Your email address will not be published. Required fields are marked *

Recent posts

VDI: The most secure environment for hybrid working

Today is Data Privacy Day. The purpose of this date is to raise awareness and promote privacy and data protection best practices. It was initiated by the European Commission, the Council of Europe, and the Data Protection authorities of the European Union’s member states. Their main goal was to drive attention to the importance of privacy, user data protection, and compliance of the General Data Protection Regulation (RGPD). It is a regulation characterized by significant fines for non-compliance since its implementation in 2018.


Stay up to date with all the news from UDS ENTERPRISE through our social networks. Follow us!

Skip to content