Those are two very different issues. :) But yeah, on systems that do not implement ASLR it can leak heap memory.
Qualys did a great job on this find.
Easy mitigations are to use an ssh-agent instead and disable roaming on the clients (no official Crapple patch yet, though if you are using keychain you have an ssh-agent so you're fine [that is, the private key is not stored in the same process space as the client], and Host *\nUseRoaming=no >> ~/.ssh/ssh_config).
Sending pub keys is not a bad thing... if you are trying to build a footprint then collecting keys is interesting. Best practice is to generate key pairs for every system you connect to, but in practice per organization is fair (i.e. a different key for github, home, nifty, work, etc.), and leveraging ssh-agent makes that rather painless.
Yeah, I'm not dead... just not at a proper personal computron much these days.
-- Sean
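Added example (mine, not Sean's or the list's own code) of scripting the client-side mitigation for the OpenSSH roaming leak Qualys reported (CVE-2016-0777): one function classifies an `ssh -V` banner, the other drops a "Host * / UseRoaming no" entry into the client config only when no UseRoaming line is already there. The affected range (OpenSSH clients 5.4 through 7.1p1, roaming on by default; 7.1p2 shipped with it off) and the default config path are my assumptions. The script targets the per-user file ~/.ssh/config, which is the file ssh(1) reads for the current user (the system-wide file is /etc/ssh/ssh_config), and it checks for an existing UseRoaming line before appending because ssh_config honours the first value it sees for an option. `ssh -V` prints its banner on stderr, hence the 2>&1 in the usage branch.

```shell
#!/bin/sh
# Added example, not code from the original thread. Two helpers around the
# "disable roaming on the clients" mitigation: a version check for the ssh
# client banner and an idempotent "Host * / UseRoaming no" entry for the
# per-user client config.
#
# Assumptions (mine, not the thread's): the affected OpenSSH client range is
# taken as 5.4 through 7.1p1 inclusive (7.1p2 shipped with roaming disabled);
# the config path defaults to ~/.ssh/config, the per-user client file that
# ssh(1) reads (the system-wide file is /etc/ssh/ssh_config).

# roaming_affected BANNER
#   BANNER is the first line of `ssh -V`, e.g. "OpenSSH_7.1p1 Ubuntu-1, OpenSSL ...".
#   Returns 0 if the client is in the roaming-enabled range, 1 if it is not,
#   2 if the banner is not an OpenSSH banner at all.
roaming_affected() {
    banner=$1
    v=${banner#OpenSSH_}
    [ "$v" != "$banner" ] || return 2
    v=${v%%[ ,]*}                  # keep the version token only: "7.1p1"
    major=${v%%.*}                 # "7"
    rest=${v#*.}                   # "1p1" (or "6.1p1" for 6.6.1p1)
    minor=${rest%%[!0-9]*}         # first numeric field after the dot
    case "$rest" in
        *p*) patch=${rest#*p}; patch=${patch%%[!0-9]*} ;;
        *)   patch=0 ;;            # no portable patch level (OpenBSD builds)
    esac
    case "$major$minor" in
        ''|*[!0-9]*) return 2 ;;   # not a parseable x.y version
    esac
    num=$((major * 100 + minor))   # 5.4 -> 504, 7.1 -> 701
    if [ "$num" -lt 504 ]; then
        return 1                   # predates roaming support
    elif [ "$num" -lt 701 ]; then
        return 0                   # 5.4 .. 7.0: roaming on by default
    elif [ "$num" -eq 701 ] && [ "${patch:-0}" -lt 2 ]; then
        return 0                   # 7.1 / 7.1p1: still affected
    fi
    return 1                       # 7.1p2 and later
}

# harden_client_config [CONFIG]
#   Ensures CONFIG (default ~/.ssh/config) turns roaming off. ssh_config takes
#   the first value it finds for an option, so an existing UseRoaming line is
#   checked rather than overridden. Returns 0 when roaming ends up disabled,
#   1 when an explicit UseRoaming line with a value other than "no" is already
#   present and would win over anything appended here.
harden_client_config() {
    cfg=${1:-"$HOME/.ssh/config"}
    if [ -f "$cfg" ] && grep -Eiq '^[[:space:]]*UseRoaming' "$cfg"; then
        if grep -Eiq '^[[:space:]]*UseRoaming[[:space:]=]+no([[:space:]]|$)' "$cfg"; then
            return 0               # already disabled, nothing to do
        fi
        return 1                   # conflicting setting present; fix by hand
    fi
    mkdir -p "$(dirname "$cfg")"
    printf '\nHost *\n    UseRoaming no\n' >> "$cfg"
    chmod 600 "$cfg"               # ssh refuses configs readable by others
}

# Usage when run directly:  sh ssh_roaming_check.sh --check
# Reads the local client banner (ssh -V writes it to stderr) and applies the
# mitigation to ~/.ssh/config if the client is in the affected range.
if [ "${1:-}" = "--check" ]; then
    banner=$(ssh -V 2>&1 | head -n 1)
    if roaming_affected "$banner"; then
        echo "client '$banner' has roaming enabled; disabling it in ~/.ssh/config"
        harden_client_config && echo "UseRoaming no is now in effect"
    else
        echo "client '$banner' is not in the roaming-affected range"
    fi
fi
```

Running it with --check on a box that still has a 7.1p1 client appends the entry; running it again is a no-op because the UseRoaming line is found first. A config that already says "UseRoaming yes" makes the function return 1 rather than silently appending a second block that ssh would ignore.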
On Jan 21, 2016, at 12:14 AM, jd jd@wcgwave.ca wrote:
ssh (certain version) appears to volunteer rather much, before getting down & crypty.
via nixCraft (on facecrack) ** https://www.facebook.com/nixcraft/posts/1217637954916247
Fix: http://www.cyberciti.biz/faq/howto-openssh-client-security-update-cve-0216-0...
** Image attached - terminal screenshot of an ssh attempt on a fake nastynode, via nixCraft: ssh_Caution_nixCraft.png
<ssh_Caution_nixCraft.png>
_______________________________________________
Roundtable mailing list
Roundtable@muug.mb.ca
http://www.muug.mb.ca/mailman/listinfo/roundtable