Is SMA vulnerable to OpenSSH Vulnerabilities CVE-2016-0777 or CVE-2016-0778?

Description

CVE-2016-0777-

The resend_bytes function in roaming_common.c in the client in OpenSSH 5.x, 6.x, and 7.x before 7.1p2 allows remote servers to obtain sensitive information from process memory by requesting transmission of an entire buffer, as demonstrated by reading a private key.

CVE-2016-0778-

The (1) roaming_read and (2) roaming_write functions in roaming_common.c in the client in OpenSSH 5.x, 6.x, and 7.x before 7.1p2, when certain proxy and forward options are enabled, do not properly maintain connection file descriptors, which allows remote servers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact by requesting many forwardings.

Ref:

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0777

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0778

Resolution

These are vulnerabilities on the CLIENT side when a client tries to connect to a malicious server.  
SMA is vulnerable to these vulnerabilities in the following scenario: 
If a user launches CT/ODT and an SSH session is started from the appliance as administrator to an untrusted server.
If SSH access is provided  through to end users (Workplace or CT)  
Therefore, to mitigate these vulnerabilities, it is recommended not to start an SSH session from the SMA to an untrusted host. 

Related Articles

  • SMA100 End of Support No-Charge Replacement FAQ
    Read More
  • SMA1000: Post upgrade to 12.5.0 on AWS and Azure, we show the error Could not retrieve the DNS settings once we log in to AMC/CMS console
    Read More
  • Firmware version required to upgrade to version 12.5.0.
    Read More

Categories

Secure Mobile Access
SMA 1000 Series
not finding your answers?
Ask the Community