  #3  
01-19-2016, 04:08 PM
jdev
VanDyke Technical Support
 
Join Date: Nov 2003
Location: Albuquerque, NM
Posts: 935

Summary
CVE-2016-0777 (information leak) and CVE-2016-0778 (buffer overflow) vulnerabilities are not applicable to VanDyke Software products.

Description
CVE-2016-0777 (information leak) and CVE-2016-0778 (buffer overflow) vulnerabilities are specific to OpenSSH client code from version 5.4 to 7.1 in which some left-over code from an experimental "roaming" feature is the root cause of these vulnerabilities.
VanDyke Software products do not share or use OpenSSH code, nor is the "roaming" feature implemented or supported in any way. These vulnerabilities are not applicable to any VanDyke Software product.

Products Affected
These vulnerabilities are not present in any VanDyke Software products.

Details
The information leak (CVE-2016-0777) is specific to the OpenSSH support of a "resume@appgate.com" key exchange algorithm and an SSH protocol request of "roaming@appgate.com", both of which are directly tied to OpenSSH's experimental "roaming" feature, which is not present in any VanDyke Software product.

The buffer overflow vulnerability (CVE-2016-0778) is also specific to OpenSSH support of the experimental "roaming" feature, which is also not present in any VanDyke Software product.

Recommended Solution
VanDyke Software products aren't vulnerable to either CVE-2016-0777 or CVE-2016-0778.

Official Postings
https://www.qualys.com/2016/01/14/cv...-2016-0778.txt

__________________
Jake Devenport
VanDyke Software
Technical Support
YouTube Channel: https://www.youtube.com/vandykesoftware
Email: support@vandyke.com
Web: https://www.vandyke.com/support