Rumors of new OpenSSH exploit in the wild, for older versions

July 8, 2009

http://www.theregister.co.uk/2009/07/08/openssh_exploit_rumour/

http://secer.org/hacktools/0day-openssh-remote-exploit.html

We first heard these rumors a couple days ago, but sat on it because there was no evidence at the time, and no one is served by the release of fake exploit reports.

The very latest versions of OpenSSH are apparently immune – this makes us think of a few possibilities:

  • Denial of Service condition from years past found to be exploitable
  • An old exploit was not correctly patched
  • A new vulnerability was found that was accidentally fixed by a later patch

If you’re running older versions of SSH, upgrade to the latest.

http://www.openssh.com/

UPDATES:

OpenSSH UNIX dev list http://marc.info/?l=openssh-unix-dev&m=124705272824524&w=2

SANS http://isc.sans.org/diary.html?storyid=6742

One thing is for certain – modern versions of OpenSSH are NOT affected.
