Security Bulletin: OpenSSH client bug (CVE-2016-0777 and CVE-2016-0778)
Aspera software is not affected by a bug that has been found in OpenSSH’s client software. A bug in the OpenSSH client has been found to create an exploitable information leak, which could allow malicious servers to steal a client’s private keys. This issue only affects OpenSSH clients for versions 5.4 - 7.1.
Specifically, the vulnerability occurs in the_roaming_ feature for OpenSSH client, which is by default turned on. See the link below for more information.
CVEID: CVE-2016-0777
Aspera products use their own embedded SSH clients which are run with no options and ascp
does not make use of OpenSSH configurations.
[{“Business Unit”:{“code”:“BU053”,“label”:“Cloud & Data Platform”},“Product”:{“code”:“SS8NDZ”,“label”:“IBM Aspera”},“Component”:“”,“Platform”:[{“code”:“PF025”,“label”:“Platform Independent”}],“Version”:“All Versions”,“Edition”:“”,“Line of Business”:{“code”:“LOB45”,“label”:“Automation”}}]
CPE | Name | Operator | Version |
---|---|---|---|
ibm aspera | eq | any |