OpenSSH: information leak in ssh client (CVE-2016-0777)

This document (7017154) is provided subject to the disclaimer at the end of this document.

Environment

SUSE Linux Enterprise Server 12 (SLES 12)
SUSE Linux Enterprise Server 12 Service Pack 1 (SLES 12 SP1)
SUSE Linux Enterprise Server 11 Service Pack 4 (SLES 11 SP4)
SUSE Linux Enterprise Server 11 Service Pack 3 (SLES 11 SP3)

SUSE Linux Enterprise Server 12 for SAP Applications Service Pack 1
SUSE Linux Enterprise Server 12 for SAP Applications
SUSE Linux Enterprise Server 11 for SAP Applications Service Pack 4
SUSE Linux Enterprise Server 11 for SAP Applications Service Pack 3

Expanded Support 7 (RES 7)

Situation

Since version 5.4 (released on March 8, 2010), the OpenSSH client supports an undocumented feature called "roaming":
If the connection to a SSH server breaks unexpectedly and if the server supports roaming as well, the client is able to reconnect to the server and resume the suspended SSH session.
Although roaming is not supported by the OpenSSH server, it is enabled by default in the OpenSSH client and contain an information leak (memory disclosure that can be exploited by a malicious SSH server or a trusted but compromised server).

Imporant: As mentioned above this is a Client vulnerability, not a server vulnerability.

Resolution

To ensure your servers are safe you have to install the following patches provided by SUSE:

SLES 12 & SLES 12 SP1 - affected (not exploitable; OpenSSH 6.6)
SUSE Patch was released on January 14th, 2016
openssh-6.6p1-33.1
openssh-cavs-6.6p1-33.1
openssh-fips-6.6p1-33.1
openssh-helpers-6.6p1-33.1

SLES 11 SP4 - affected (not exploitable; OpenSSH 6.6)
SUSE Patch was released on January 14th, 2016
openssh-6.6p1-16.1
openssh-cavs-6.6p1-16.1
openssh-fips-6.6p1-16.1
openssh-helpers-6.6p1-16.1

SLES 11 SP3 - affected (OpenSSH 6.2; only for keys >4k)
SUSE Patch was released on January 14th, 2016
openssh-6.2p2-0.24.1
openssh-askpass-6.2p2-0.24.1
SLES 11 SP2 - safe & NOT affected (OpenSSH 5.1p1)
SLES 11 SP1 - safe & NOT affected (OpenSSH 5.1p1)

SLES 10 SP4 - safe & NOT affected (OpenSSH 5.1p1
SLES 10 other SP - not affected

Expanded Support 7 (RES 7) - affected
Patch has been released 15th January 2016
openssh-6.6p1-23.el7_2.1
Expanded Support 5 & 6 (RES 5 & RES 6) - not affected

The vulnerable roaming code can be permanently disabled by adding the undocumented option "UseRoaming no" to the system-wide configuration file (usually /etc/ssh/ssh_config), or per user configuration file (~/.ssh/config), or command-line (-o "UseRoaming no").

SUSE also recommends recreating all client keys, at least the important ones. It is not known that this was already exploited but it is possible.

Cause

Additional Information

Link to CVE-2016-0777

The information leak (CVE-2016-0777) is exploitable in the default configuration of the OpenSSH client and (depending on the clients version and compiler) allows a malicious SSH serer to steal the clients private keys.

To check if your system is affected you can simply run:

ssh -v user@host

and if you find the following message:

debug1: Roaming not allowed by server

your system is affected. The client workaround is to run with "-o UseRoaming=no" (or set "UseRoaming no" in ssh_config as explained above):

ssh -v -o UseRoaming=no user@host

and the message should ge gone.

Details on this can also be found in this Qualys advisory . SUSE would like to thank Qualys for the detailed report of this issue.

For CVE-2016-0778 please review TID#7017155

Disclaimer

This Support Knowledgebase provides a valuable tool for SUSE customers and parties interested in our products and solutions to acquire information, ideas and learn from one another. Materials are provided for informational, personal or non-commercial use within your organization and are presented "AS IS" WITHOUT WARRANTY OF ANY KIND.