OpenSSH client issues in roaming support (CVE-2016-0777 and CVE-2016-0778)

Information leak (CVE-2016-0777)

It was discovered that an information leak existed in the resend_bytes() function in the OpenSSH client. A malicious SSH server could trick the OpenSSH client into sending arbitrary memory contents which may include the private SSH key. This issue affects OpenSSH clients in the default configuration.

Buffer overflow (CVE-2016-0778)

It was discovered that a buffer overflow existed in a number of functions dealing with roaming support in the OpenSSH client. A malicious SSH server could trick the OpenSSH client into unintentionally overwriting certain areas of its memory. This issue does not affect OpenSSH clients in the default configuration. The ProxyCommand and either of the ForwardAgent or ForwardX11 options must be used in order for OpenSSH clients to be vulnerable to this issue.


These issues were fixed in OpenSSH in 7.1p2. Ubuntu 12.04 LTS (Precise), Ubuntu 14.04 LTS (Trusty), Ubuntu 15.04 (Vivid), and Ubuntu 15.10 (Wily) were affected. To address the issue, ensure that openssh 1:5.9p1-5ubuntu1.8 (Ubuntu 12.04 LTS), openssh 1:6.6p1-2ubuntu2.4 (Ubuntu 14.04 LTS), openssh 1:6.7p1-5ubuntu1.4 (Ubuntu 15.04), and/or openssh 1:6.9p1-2ubuntu0.1 (Ubuntu 15.10) are installed. These updates were announced in USN 2869-1.

The information leak flaw (CVE-2016-0777) may have revealed portions or all of the client's private SSH key if the client was used to connect to a malicious SSH server in the past. A server could be considered malicious if it was administrated by an untrusted party. Trusted servers could also be considered malicious if they've ever been previously compromised in a way that allowed the attacker to install a different SSH server. If you suspect that you've connected to such servers prior to installing the updated openssh packages, you should generate a new SSH key pair. If you generate a new SSH key pair, best practice indicates you should remove the old public key from the authorized_key files of any SSH servers that you connect to regularly.


The Ubuntu Security team encourages everyone to apply the openssh security updates mentioned in the section above. If the updated packages cannot be installed immediately, both issues can be mitigated via SSH configuration files by using the undocumented UseRoaming option to disable roaming support in the OpenSSH client. Either adjust the global /etc/ssh/ssh_config file or the per-user ~/.ssh/config file to include "UseRoaming no".


  • 2016 Jan 12: The Ubuntu Security team is notified by Qualsys via the linux-distros list, with a pending CRD of 2016-01-14 17:00 UTC
  • 2016 Jan 14: Issue becomes public

  • 2016 Jan 14: Ubuntu security updates are made available

  • 2016 Jan 14: Qualys discloses their findings


SecurityTeam/KnowledgeBase/OpenSSHClientRoaming (last edited 2016-01-15 15:04:03 by jdstrand)