PT-2016-3290 · OpenBSD +8 · OpenSSH +8

Published: 2016-01-14 · Updated: 2026-05-29 · CVE-2016-0777

CVSS v3.1: 6.5 (Medium)

Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Name of the Vulnerable Software and Affected Versions

OpenSSH versions 5.x through 7.x before 7.1p2

Description

The issue is related to the resend_bytes function in roaming_common.c, which allows remote servers to obtain sensitive information from process memory. This can be achieved by requesting the transmission of an entire buffer, potentially exposing private keys. The vulnerability is also associated with errors in cryptographic key management. Additionally, there is a heap-based buffer overflow caused by improper bounds checking in the packet_write_wait() and ssh_packet_write_wait() API functions when using non-default options such as ProxyCommand and either ForwardAgent or ForwardX11. This could allow a remote attacker to overflow a buffer, execute arbitrary code, or cause the application to crash.

Recommendations

For OpenSSH versions 5.x through 7.x before 7.1p2, update to version 7.1p2 or later to resolve the issue. As a temporary workaround, consider disabling the resend_bytes function until a patch is available. Restrict access to the packet_write_wait() and ssh_packet_write_wait() API functions when using non-default options to minimize the risk of exploitation.

Exploit

Fix

DoS

Information Disclosure

Weakness Enumeration

Related Identifiers

ALT-PU-2016-1200
ALT-PU-2024-3921
ALT-PU-2024-4077
ALT-PU-2024-4467
ALT-PU-2024-9513
BDU:2019-01913
CESA-2016_0043
CVE-2016-0777
DLA-387-1
DSA-3446-1
FREEBSD-SA-16_07
MGASA-2016-0022
OPENSUSE-SU-2016_0127-1
OPENSUSE-SU-2016_0128-1
OPENSUSE-SU-2016_0145-1
OPENSUSE-SU-2024:10174-1
RHSA-2016:0043
RHSA-2016_0043
SUSE-SU-2016:0117-1
SUSE-SU-2016:0118-1
SUSE-SU-2016:0119-1
SUSE-SU-2016:0120-1
SUSE-SU-2016_0117-1
SUSE-SU-2016_0118-1
SUSE-SU-2016_0119-1
SUSE-SU-2016_0120-1
USN-2869-1

Affected Products

ALT Linux
CentOS
FreeBSD
IBM AIX
Junos
OpenSSH
Red Hat
SUSE
Ubuntu