Recently, an important vulnerability was found in one of the most popular implementations of the Secure Shell (SSH) protocol: OpenSSH versions 5.4 to 7.1. In short, the bug could cause a client to leak its users' private keys.
The bug was discovered on January 11 and has since been patched, but the damage may already have been done. Catalin Cosoi, Chief Security Strategist at Bitdefender, has urged all system administrators who connect to potentially untrusted SSH servers to update any vulnerable clients immediately.
“The flaw is triggered by a feature that has only been partially implemented in the application, which deals with sudden disconnects and reconnects to the SSH server, and is affecting OpenSSH versions 5.4 through to 7.1,” said Cosoi.
“If the system administrator or user connects to a rogue OpenSSH server with a vulnerable OpenSSH client, the server can arbitrarily leak parts of the victim computer's RAM contents, including private keys or other sensitive data in a manner similar to the Heartbleed bug.
“Although this vulnerability cannot be exploited remotely, we urge all system administrators, tech support staff, and general end-users who connect to potentially untrusted SSH servers to update any vulnerable clients immediately. Other than connecting to untrusted or compromised SSH servers, other attack avenues include DNS manipulations to forward traffic from a legitimate server to a compromised one, social engineering, or even honeypot SSH servers planted by hackers to read the private keys from legitimate ones.”
Media reports that the vulnerability had been present in the wild for years only add to the urgency.
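The practical first step for an administrator is to find out whether the installed client falls inside the 5.4 to 7.1 range the article names. The script below is an added example, not code from the article or from Bitdefender: it parses the version string that `ssh -V` prints, classifies it against that range, and prints the client-side workaround. Two details are assumptions drawn from OpenSSH's own release notes rather than from this page: that 7.1p2 is the release carrying the fix, and that `UseRoaming no` in the client configuration disables the partially implemented roaming feature the article describes.

```shell
#!/bin/sh
# Added example (not from the article): classify an OpenSSH client version
# string, as printed by `ssh -V` (e.g. "OpenSSH_7.1p1 OpenSSL 1.0.2e ..."),
# as inside or outside the vulnerable 5.4 .. 7.1 range named in the article.
# Assumption (OpenSSH release notes, not this page): 7.1p2 and later carry the fix.

# Print "vulnerable", "ok" or "unparsed" for a version string.
# Return 0 when the version is in the vulnerable range, 1 when it is not,
# 2 when the string could not be parsed.
ssh_version_vulnerable() {
    ver="$1"
    # Extract "major.minor" from the leading "OpenSSH_X.Y" token.
    num=$(printf '%s\n' "$ver" | sed -n 's/^OpenSSH_\([0-9][0-9]*\.[0-9][0-9]*\).*/\1/p')
    if [ -z "$num" ]; then
        echo "unparsed"
        return 2
    fi
    major=${num%%.*}
    minor=${num#*.}
    # Optional portable patch level, the "N" in "X.YpN" (empty if absent).
    plevel=$(printf '%s\n' "$ver" | sed -n 's/^OpenSSH_[0-9.]*p\([0-9][0-9]*\).*/\1/p')
    # Encode the version as a single integer so range checks are plain arithmetic:
    # 5.4 -> 504, 7.1 -> 701.
    code=$((major * 100 + minor))
    if [ "$code" -lt 504 ] || [ "$code" -gt 701 ]; then
        echo "ok"
        return 1
    fi
    # 7.1 itself is only vulnerable below portable level 2 (assumed fix release).
    if [ "$code" -eq 701 ] && [ -n "$plevel" ] && [ "$plevel" -ge 2 ]; then
        echo "ok"
        return 1
    fi
    echo "vulnerable"
    return 0
}

# Classify the locally installed client. `ssh -V` writes its banner to stderr.
check_local_client() {
    local_ver=$(ssh -V 2>&1 | sed -n '1p')
    ssh_version_vulnerable "$local_ver"
}

# Client-side workaround documented by OpenSSH (assumption, not from the article):
# turn the roaming feature off until the client is updated.
show_mitigation() {
    cat <<'EOF'
# add to ~/.ssh/config or /etc/ssh/ssh_config
Host *
    UseRoaming no
EOF
}

# Usage: sh check_ssh_roaming.sh --check
if [ "${1:-}" = "--check" ]; then
    if check_local_client; then
        show_mitigation
    fi
fi
```

Running the script with `--check` on a host whose client lies in the range prints `vulnerable` followed by the configuration fragment; on a patched host it prints `ok` and nothing else. The `UseRoaming` line is harmless on clients that no longer know the option only in the sense that updating removes the need for it; the durable fix remains the client update the article calls for.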