Pierluigi Paganini January 17, 2016

It has been fixed the OpenSSH vulnerability that can be exploited to steal crypto keys from vulnerable clients.

Recently a critical vulnerability in OpenSSH has been fixed, the flaw can leak secret cryptographic keys. The flaw affects end users version of OpenSSH and not server side implementations. Many experts compared the effects of this flaw to the one demonstrated with the exploitation of the Heartbleed vulnerability in the OpenSSL crypto library.

The vulnerability was introduced by code developed to enable an experimental roaming feature in OpenSSH versions 5.4 to 7.1.

“The OpenSSH client code between 5.4 and 7.1 contains experimental support for resuming SSH-connections (roaming). The matching server code has never been shipped, but the client code was enabled by default and could be tricked by a malicious server into leaking client memory to the server, including private client user keys.” states the advisory published this week. “The authentication of the server host key prevents exploitation by a man-in-the-middle, so this information leak is restricted to connections to malicious or compromised servers”

An attacker can configure a server to exploit the vulnerability in OpenSSH and to access the contents of the memory of the user’s PC. With this attack is is possible to capture also the private encryption key used for SSH connections.

The flaw was discovered by experts from the Qualys security firm which confirmed that an attacker can exploit the flaw in the OpenSSH only after the end user has been successfully authenticated by the malicious server.

“The information leak is exploitable in the default configuration of the OpenSSH client, and (depending on the client’s version, compiler, and operating system) allows a malicious SSH server to steal the client’s private keys.” reads an advisory from Qualys.

OpenSSH end users have two options to mitigate the issue, the first one is to update vulnerable software, but in case it isn’t possible it is suggested to disable the roaming feature by adding the string UseRoaming no to the global ssh_config(5) file or to the user configuration in ~/.ssh/config, or by entering -UseRoaming=no on the command line.

Experts at Qualys do not exclude that a persistent attacker like an intelligence agency may have already exploited the flaw in the OpenSSH by compromising legitimate servers.

“This information leak may have already been exploited in the wild by sophisticated attackers, and high-profile sites or users may need to regenerate their SSH keys accordingly,” continues Qualys.

Pierluigi Paganini

(Security Affairs – OpenSSH , hacking)