Is SMA vulnerable to OpenSSH Vulnerabilities CVE-2016-0777 or CVE-2016-0778?

Description

CVE-2016-0777-

The resend_bytes function in roaming_common.c in the client in OpenSSH 5.x, 6.x, and 7.x before 7.1p2 allows remote servers to obtain sensitive information from process memory by requesting transmission of an entire buffer, as demonstrated by reading a private key.

CVE-2016-0778-

The (1) roaming_read and (2) roaming_write functions in roaming_common.c in the client in OpenSSH 5.x, 6.x, and 7.x before 7.1p2, when certain proxy and forward options are enabled, do not properly maintain connection file descriptors, which allows remote servers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact by requesting many forwardings.

Ref:

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0777

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0778

Resolution

These are vulnerabilities on the CLIENT side when a client tries to connect to a malicious server.  
SMA is vulnerable to these vulnerabilities in the following scenario: 
If a user launches CT/ODT and an SSH session is started from the appliance as administrator to an untrusted server.
If SSH access is provided  through to end users (Workplace or CT)  
Therefore, to mitigate these vulnerabilities, it is recommended not to start an SSH session from the SMA to an untrusted host. 

Related Articles

  • How to Provision SMA1000 in Monthly Billing (MSSP Program)
    Read More
  • SMA 1000 Series Support Matrix
    Read More
  • How to Configure SAML 2.0 SSO with Microsoft Entra ID for SonicWall SMA 1000 Series
    Read More

Categories

Secure Mobile Access
SMA 1000 Series
not finding your answers?
Ask the Community
Chat