Is SMA vulnerable to OpenSSH Vulnerabilities CVE-2016-0777 or CVE-2016-0778?
03/26/2020 2 12141
The resend_bytes function in roaming_common.c in the client in OpenSSH 5.x, 6.x, and 7.x before 7.1p2 allows remote servers to obtain sensitive information from process memory by requesting transmission of an entire buffer, as demonstrated by reading a private key.
The (1) roaming_read and (2) roaming_write functions in roaming_common.c in the client in OpenSSH 5.x, 6.x, and 7.x before 7.1p2, when certain proxy and forward options are enabled, do not properly maintain connection file descriptors, which allows remote servers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact by requesting many forwardings.
These are vulnerabilities on the CLIENT side when a client tries to connect to a malicious server.
SMA is vulnerable to these vulnerabilities in the following scenario:
If a user launches CT/ODT and an SSH session is started from the appliance as administrator to an untrusted server.
If SSH access is provided through to end users (Workplace or CT)
Therefore, to mitigate these vulnerabilities, it is recommended not to start an SSH session from the SMA to an untrusted host.