OpenSSH Flaw Could Leak Crypto Keys

Qualys on Thursday reported a flaw in the OpenSSH client that could let a hacker steal the client's private crypto keys. The bug is the result of an undocumented feature called "roaming" that exists in version 5.4, released March 8, 2010, and above. It's one of two vulnerabilities that a malicious SSH server or a trusted but compromised server can exploit, Qualys said. The other is a heap-based buffer overflow. OpenSSH issued a fix for the information leak Thursday.

from TechNewsWorld http://ift.tt/1RM1bjK