Intrusion Prevention

OpenSSH.Server.Roaming.key.Exchange.Algorithm.Detection

Description

This indicates an attack attempt against an Information Disclosure vulnerability in OpenSSH Client.
The vulnerability is caused by an error when the vulnerable software connects with a malicious ssh server. A remote attacker can exploit this to gain private keys from vulnerable clients.

Affected Products

OpenSSH 5.x, 6.x, and 7.x before 7.1p2

Impact

Information Disclosure: Remote attackers can gain sensitive information from vulnerable systems.

Recommended Actions

Apply the most recent upgrade or patch from the vendor:
http://www.openssh.com/txt/release-7.1p2

CVE References

CVE-2016-0778 CVE-2016-0777