Reset Search
 

 

Article

VN 2016 001 OpenSSH CVE-2016-0777/0778

« Go Back

Vulnerability Notice

 
Vulnerability Summary
The resend_bytes function in roaming_common.c in the client in OpenSSH 5.x, 6.x, and 7.x before 7.1p2 allows remote servers to obtain sensitive information from process memory by requesting transmission of an entire buffer, as demonstrated by reading a private key.

The (1) roaming_read and (2) roaming_write functions in roaming_common.c in the client in OpenSSH 5.x, 6.x, and 7.x before 7.1p2, when certain proxy and forward options are enabled, do not properly maintain connection file descriptors, which allows remote servers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact by requesting many forwardings.

Background (From CVE Project)
CVE-2016-0777  OpenSSH
   Release Date:  Jan 14, 2016
   CVSS v2 base score:  4.0 (Medium)

CVE-2016-0778 OpenSSH
   Release Date: Jan 14, 2016
   CVSS v2 base score:  6.5 (Medium)

Impact 
Allows unauthorized disclosure of information
Products Potentially Affected
The following is the vulnerability status of the software products supported by Extreme Networks for this issue:
 
ExtremeXOS (all products)Fixed 
A, B, C, D, G, I and 800 Series Fixed SwitchesNo 
IDS/IPS Yes
IdentiFi WirelessFixed
N, K, SSA, and S Modular SwitchesNo
NetSightFixed
NAC (IA)Fixed
PurviewYes
Ridgeline No
Security Information & Event ManagerInvestigating 
Summit WM3000 SeriesNo
X-Series Secure Core Router Investigating 
XSR (X-Pedition Security Router)No
Impact Details
ExtremeXOS (all products)
  • Vulnerable Yes / No: Yes  - Fixed
  • Vulnerable Component: EXOS SSH client
  • Describe conditions when component Vulnerability occurs(why/when/how): Roaming is enabled by default in the OpenSSH client, and contains two vulnerabilities that can be exploited by a malicious SSH server (or a trusted but compromised server): an information leak (memory disclosure), and a buffer overflow(heap-based).
  • Product version(s) affected:  15.7 and later
  • Workaround: No workaround is available, but risk of exploitation can be reduced by restricting ssh client connection to trusted hosts only.
  • Fixed in: 22.1.1,  21.1.2,  16.2.1,  16.1.3patch1-8, 15.7.3 Patch 1-8
A, B, C, D, G, I and 800 Series Fixed Switches
  • Vulnerable Yes / No: No
  • Vulnerable Component: na
  • Describe conditions when component Vulnerability occurs (why/when/how):  Product runs a patched version of OpenSSH 4.3p2.
  • ​Product version(s) affected: na
  • Workaround: na
  • Target Fix Release: na 
  • Target Month for Fix Release: na
IDS/IPS
  • Vulnerable Yes / No: Yes
  • Vulnerable Component: Dragon Appliance
  • Describe conditions when component Vulnerability occurs (why/when/how):  Issue occurs when using the SSH Client on the appliance
  • ​Product version(s) affected: All Versions
  • Workaround:  On affected Appliance:
    edit /etc/ssh/ssh_config
    add the following line to the bottom of the file:
    UseRoaming no
  • Target Fix Release:  none planned
  • Target Month for Fix Release: n/a
IdentiFi Wireless​
Extreme Networks Wireless Controllers:
  • Vulnerable Yes / No: Fixed
  • Vulnerable Component:
  • Describe conditions when component Vulnerability occurs(why/when/how):
  • Product version(s) affected: all supported versions
  • Workaround:
  • Fixed In:  v10.11.01
Extreme Networks Wireless 26xx series APs
  • Vulnerable Yes/ No: No
  • Vulnerable Component:
  • Describe conditions when component Vulnerability occurs(why/when/how):
  • Product version(s) affected:
  • Workaround:
  • Target Fix Release:
Extreme Networks Wireless 36xx, 37xx, 38xx and 39xx series APs
  • Vulnerable Yes/ No: No
  • Vulnerable Component:
  • Describe conditions when component Vulnerability occurs(why/when/how):
  • Product version(s) affected:
  • Workaround:
  • Target Fix Release:
N, K, SSA, and S Modular Switches
  • Vulnerable Yes / No: No
  • Vulnerable Component: na
  • Describe conditions when component Vulnerability occurs(why/when/how):  Product runs a patched version of OpenSSH 2.2
  • Product version(s) affected: na
  • Workaround: na
  • Target Fix Release: na
  • Target Month for Fix Release: na
NetSight
  • Vulnerable Yes / No: Yes  - Fixed
  • Vulnerable Component: NetSight Appliance
  • Describe conditions when component Vulnerability occurs(why/when/how): Issue occurs when using the SSH Client on the appliance
  • Product version(s) affected: All Versions
  • Workaround: On affected Appliance:
    edit /etc/ssh/ssh_config add the following line to the bottom of the file:
        UseRoaming no
  • Fixed In:  v7.0.3,  v6.3.0.179
NAC
  • Vulnerable Yes / No: Yes  - Fixed
  • Vulnerable Component: NAC Appliance
  • Describe conditions when component Vulnerability occurs(why/when/how): Issue occurs when using the SSH Client on the appliance
  • Product version(s) affected: All Versions
  • Workaround: On affected Appliance:
    edit /etc/ssh/ssh_config add the following line to the bottom of the file:
        UseRoaming no
  • Fixed In:  v7.0.3,  v6.3.0.179
Purview
  • Vulnerable Yes / No: Yes
  • Vulnerable Component: Purview Appliance
  • Describe conditions when component Vulnerability occurs(why/when/how): Issue occurs when using the SSH Client on the appliance
  • Product version(s) affected: All Versions
  • Workaround: edit /etc/ssh/ssh_config add the following line to the bottom of the file:
        UseRoaming no
  • Target Fix Release: NetSight 6.3, NetSight 7.0
  • Target Month for Fix Release: March 2016
Ridgeline
  • Vulnerable Yes / No: No
  • Vulnerable Component: n/a
  • Describe conditions when component Vulnerability occurs(why/when/how): n/a
  • Product version(s) affected: n/a
  • Workaround: n/a
  • Target Fix Release: n/a
  • Target Month for Fix Release: n/a
Security Information & Event Manager
  • Vulnerable Yes / No: Investigating
  • Vulnerable Component:
  • Describe conditions when component Vulnerability occurs(why/when/how):
  • Product version(s) affected:
  • Workaround:
  • Target Fix Release:
  • Target Month for Fix Release: ( optional)
Summit WM3000 Series
  • Vulnerable Yes / No: No
  • Vulnerable Component: None
  • Describe conditions when component Vulnerability occurs(why/when/how):  The issue involves SSH client.  Product runs the server.
  • Product version(s) affected: none
  • Workaround:
  • Target Fix Release:
  • Target Month for Fix Release: ( optional)
X-Series Secure Core Router
  • Vulnerable Yes / No: Investigating
  • Vulnerable Component:
  • Describe conditions when component Vulnerability occurs(why/when/how):
  • Product version(s) affected:
  • Workaround:
  • Target Fix Release:
  • Target Month for Fix Release: ( optional)
XSR (X-Pedition Security Router)
  • Vulnerable Yes / No: No
  • Vulnerable Component:
  • Describe conditions when component Vulnerability occurs(why/when/how): The SSH module in the XSR is not OPEN SSH
  • Product version(s) affected:
  • Workaround:
  • Target Fix Release:
  • Target Month for Fix Release: ( optional)
Repair Recommendations
The resolution to any threat or issue is dependent upon a number of things, including the setup of the computer network and how the local IT team wants to address the situation. Accordingly, in addition to updating the software as recommended in this document, the local IT team will need to analyze and address the situation in a manner that it determines will best address the set-up of its computer network. Update the software, identified in this Notice, in your Extreme Networks products by replacing it with the latest releases from Extreme Networks including those listed above.

Firmware and software can be downloaded from www.extremenetworks.com/support.
Legal Notice
This advisory notice is provided on an “as is” basis and Extreme Networks makes no representations or warranties of any kind, expressly disclaiming the warranties of merchantability or fitness for a particular use. Use of the information provided herein or materials linked from this advisory notice is at your own risk. Extreme Networks reserves the right to change or update this document at any time, and expects to update this document as new information becomes available. The information provided herein is applicable to current Extreme Networks products identified herein and is not intended to be any representation of future functionality or compatibility with any third-party technologies referenced herein. This notice shall not change any contract or agreement that you have entered into with Extreme Networks.
 

Feedback

 

Was this article helpful?


   

Feedback

Please tell us how we can make this article more useful.

Characters Remaining: 255