OpenSSH client roaming vulnerabilities

Oct 10, 2023

Summary

Security flaws in the OpenSSH client's connection resume (roaming) feature allow malicious servers to steal private data or crash the connecting client.

Vulnerability ID	Vulnerability Overview
CVE-2016-0777	A flaw in the connection resume feature could allow a fake or hacked SSH server to silently steal secret information from the connecting user's computer. This stolen data can include the user's highly sensitive private SSH keys.
CVE-2016-0778	A memory error in the same connection resume feature could allow a malicious server to crash the user's SSH software. Under certain network configurations, it could also allow the server to run harmful commands directly on the user's machine.

Affected Supported TeraStations

TS6000
TS5010
TS3020/3010

Back to Security Notices

Date	Description
10/10/2023	Initial release

Back to Security Notices

Network Attached Storage

Portable Solid State Drive (SSD)

External Hard Drives

While Supplies Last

Optical Drives

Multi-Gigabit Switches

Accessories

View All

Latest Article

Buffalo Americas Product Life Cycle Status Change Notice - BS-MP2008 & BS-MP2012 Business Switches

OpenSSH client roaming vulnerabilities