History: Dec 08, 2018 - 4:55 a.m.

Security Bulletin: OpenSSH client bug (CVE-2016-0777 and CVE-2016-0778)

2018-12-08 04:55:34
www.ibm.com

CVSS3: 8.1 High

Attack Vector: NETWORK
Attack Complexity: HIGH
Privileges Required: NONE
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: HIGH
Integrity Impact: HIGH
Availability Impact: HIGH

CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

CVSS2: 4.6 Medium

Access Vector: NETWORK
Access Complexity: HIGH
Authentication: SINGLE
Confidentiality Impact: PARTIAL
Integrity Impact: PARTIAL
Availability Impact: PARTIAL

AV:N/AC:H/Au:S/C:P/I:P/A:P

Question

Security Bulletin: OpenSSH client bug (CVE-2016-0777 and CVE-2016-0778)

Answer

Summary

Aspera software is not affected by a bug that has been found in OpenSSH’s client software. A bug in the OpenSSH client has been found to create an exploitable information leak, which could allow malicious servers to steal a client’s private keys. This issue only affects OpenSSH clients for versions 5.4 - 7.1.

Specifically, the vulnerability occurs in the _roaming_ feature of the OpenSSH client, which is turned on by default. See the link below for more information.

CVEID: CVE-2016-0777

Effect

Aspera products use their own embedded SSH clients, which are run with no options, and ascp does not make use of OpenSSH configurations.

Therefore this security issue does NOT AFFECT any Aspera products.
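
For hosts that run a stock OpenSSH client alongside Aspera, the following added example (not IBM, Aspera or OpenSSH project code) flags client banners inside the 5.4 - 7.1 range stated above and checks whether a config file disables roaming for all hosts. `UseRoaming` is the OpenSSH client option for this feature and is not named in the bulletin; the function names and the `/etc/ssh/ssh_config` path are assumptions.

```shell
#!/bin/sh
# Added example; not IBM, Aspera or OpenSSH project code.
# The 5.4 - 7.1 range comes from the bulletin. Patch levels (p1, p2, ...) are
# ignored here, so confirm in-range hits against the vendor package changelog.

# Print in-range, out-of-range or unknown for an `ssh -V` banner string.
classify_openssh_banner() {
    ver=$(printf '%s\n' "$1" |
        sed -n 's/^OpenSSH[^0-9]*\([0-9][0-9]*\)\.\([0-9][0-9]*\).*/\1 \2/p')
    [ -n "$ver" ] || { echo unknown; return; }
    major=${ver% *}
    minor=${ver#* }
    n=$((major * 100 + minor))   # 5.4 -> 504, 7.1 -> 701
    if [ "$n" -ge 504 ] && [ "$n" -le 701 ]; then
        echo in-range
    else
        echo out-of-range
    fi
}

# Exit 0 if the ssh_config text on stdin sets "UseRoaming no" globally or under
# "Host *". Heuristic: one file only, and ssh uses the first value it obtains,
# so an earlier host-specific "UseRoaming yes" would still win for that host.
roaming_disabled() {
    awk '
        BEGIN { scope = 1; found = 0 }          # scope: line applies to all hosts
        /^[ \t]*#/ { next }
        { sub(/=/, " "); key = tolower($1) }    # accept "Key=value" as well
        key == "host"  { scope = (NF == 2 && $2 == "*"); next }
        key == "match" { scope = 0; next }
        scope && key == "useroaming" && tolower($2) == "no" { found = 1 }
        END { exit (found ? 0 : 1) }
    '
}

# Report on the local client and system-wide config when they are present.
if command -v ssh >/dev/null 2>&1; then
    echo "local client: $(classify_openssh_banner "$(ssh -V 2>&1)")"
fi
cfg=/etc/ssh/ssh_config
if [ -r "$cfg" ]; then
    if roaming_disabled < "$cfg"; then echo "$cfg: UseRoaming no"
    else echo "$cfg: roaming not disabled for all hosts"; fi
fi
```

Run the same config check against each user's `~/.ssh/config` as well, since per-user settings are read before the system-wide file.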


CPE Name Operator Version
ibm aspera eq any
