The next provider to kill the virus OpenSSH roaming announced in January is Juniper Networks.
Best part of the insect, as we noted at the time, was that the transfer function has been added as an experiment in 2010 (in version 5.4), and was undocumented.
The idea is to keep the roaming session OpenSSH if there was a connection failure - which happens very often in the mobile world, for example, when a client moves between cellular towers / base stations.
In his analysis of the error, Qualys found that roaming, the customer performs buffer private keys, and a sophisticated control server a malicious attacker may be able to recover the key. If it was a low-key is not protected by a password, which would then be able to remove the key to recover.
Juniper says consultant running Junos operating system platforms are vulnerable to CVE-2016-0777 and a second edition (least severe), CVE-2016-0778, a buffer overflow. the operating system screen is not affected.
For Juniper, the problem arises because OpenSSH provides access from a device on the system Junos operating to SSH servers, so it's time to upgrade.
