CentOS, OpenSSH, PCI, CVE-2016-10009

ssh pci-dss centos7

This is a vulnerability where a malicious ssh server can attack the client if the client has connected with ssh-agent forwarding, and has somehow gotten a malicious file installed on the client's filesystem.

I also think TrustWave has vastly overestimated the importance of this issue.

That said, the obvious workaround is to disable agent forwarding in /etc/ssh/sshd_config.

AllowAgentForwarding no

Keep in mind that if the server is compromised, the attacker can just remove that and then wait for hapless admins to connect with their agents. So it's kind of a ridiculous workaround.

Related

How to install Microsoft Edge browser on Windows 10 Enterprise LTSB
How to connect networks from different projects, VPC peering analogue
Network Drive attached as SCSI Dropping the W/R speed on bigger files
Centos 7 Router & firewalld
ZFS Shares not exported until sharenfs property re-set on Ubuntu 16.04
MongoDB "too many files open" even after setting limits
How do I force Anaconda's SCAP add-on to let me use a USB keyboard?
Windows Server stuck on Checking for Updates
Installing yum packages on airgapped (offline) CentOS 6 system
AWS Instance not access metadata server with IP
Nginx proxy_pass root and specific url only
Why can't you promote a server to a domain controller if certificate services are installed?