OpenSSH issued an update, OpenSSH 7.1p2, for a pair of vulnerabilities, one of which could leak secret cryptographic keys and other information.
OpenSSH issued an update, OpenSSH 7.1p2, for a pair of vulnerabilities, one of which could leak secret cryptographic keys and other information.

OpenSSH issued an update, OpenSSH 7.1p2, for a pair of vulnerabilities, one of which could leak secret cryptographic keys and other information.

Since version 5.4 was released in 2010, the OpenSSH has supported a feature known as roaming, which is undocumented. “If the connection to an SSH server breaks unexpectedly, and if the server supports roaming as well, the client is able to reconnect to the server and resume the suspended SSH session,” according to an advisory put out by Qualys researchers who reported the flaw.

“Although roaming is not supported by the OpenSSH server, it is enabled by default in the OpenSSH client, and contains two vulnerabilities that can be exploited by a malicious SSH server (or a trusted but compromised server): an information leak (memory disclosure), and a buffer overflow(heap-based).”

The advisory noted that the leak might have been exploited in the wild so users and high-profile websites should regenerate their SSH keys. “It is an Information Disclosure bug, so on the CVSS scale, it probably it does not rank as critical,” Qualys Chief Technology Officer (CTO) Wolfgang Kandek. “However, the information disclosed are SSH keys, which are widely used for automation of system administration tasks and interactive logins.”

An attacker would have to have control of the SSH server to launch an attack, he explained. “This means the attacker is already at system administrator level on the server that users connect to, which is already an exceptional security situation and should be pretty rare,” said Kandek. “But if the attacker has control of the SSH server, he can implement the exploit and then gain access to the private keys of the users - these private keys can then be used to impersonate the user and log into other systems. Since SSH is often used to automate system administration processes, getting a such a private key would provide very broad access to an infrastructure.”

The buffer overflow flaw requires a pair of non-default options – a ProxyCommand coupled with either ForwardAgent (-A) or ForwardX11 (-X) – to be exploited, which Qualys said mean t it was “unlikely to have any real-world impact.”

The advisory said the vulnerable versions of OpenSSH – from 5.4 through 7.1 – “can be easily hot-fixed by setting the undocumented option “UseRoaming” to “no.”

Kandek noted that the roaming feature as “experimental” and designed to “add robustness to SSH sessions” and let users reconnect, but because it is “not fully implemented it should be transparent to turn it off in the OpenSSH config file, which is the recommended mitigation for users that cannot patch at this point in time.” 

In Version 7.1p2 that feature is disabled by default.