What Causes the Flaw to occur?
- An information sharing flaw (CVE-2016-0777)
- A less harmless buffer overflow flaw (CVE-2016-0778)
Impact of the Vulnerability
"The matching server code has never been shipped, but the client code was enabled by default and could be tricked by a malicious server into leaking client memory to the server, including private client user keys."
"The authentication of the server host key prevents exploitation by a man-in-the-middle, so this information leak is restricted to connections to malicious or compromised servers."
Who is Affected by the Serious Flaw?
How to Fix the Flaw?
echo 'UseRoaming no' | sudo tee -a /etc/ssh/ssh_config
echo "UseRoaming no" >> ~/.ssh/config