News Register Control Panel Private Messages Members List Team Search News Posts About Us

OpenSSH Vulnerability
  Author: nulldevice
Added: 09/17/2003
Type: Advisory
Viewed: 75 time(s)
[ Not Rated Yet ]


A vulnerability has been discovered in OpenSSH. This vulnerability appears to have been exploited to compromise machines at a few ISPs. We highly recommend upgrading to the version 3.7p1 which was released earlier today.

This bug may not be exploitable on some platforms (e.g. OpenBSD) but could be exploitable on others (e.g. Linux).

Currently, there is no widely available exploit. However, there are some rumors about intrusions using this vulnerability to compromise systems.


(*) Block access to port 22 from untrusted IP addresses
(*) Enable the 'Privilege Separation feature. It is not clear if this will prevent the current exploit. But it is likely to make any compromise harder

at the time of this writing, no major Linux distribution released an official update.

Related links:

Portable OpenSSH Source:

OpenSSH Web site:

OpenSSH Advisory:

As always: Verify PGP signatures for any patches or files you download.

Article Pages:  1  

How would you rate this article:    Bad Good   Go � 

� Copyright Linux Advisory 2003. All rights reserved.
We are not responsible for the comment and story contributed by users.