Whispers of a new OpenSSH bug have been floating around & today an updated OpenSSH version, 3.7, has been released. The bug affects all versions prior to 3.7, so if you run OpenSSH on your OpenBSD boxen or a portable version on another OS, then upgrade or apply the patch.
Even though it's a bit up in the air regarding remote / local root exploitation at the moment, there are people stating they have copies of a private exploit which works.
Anyway, as we all know - bugs (security related or not) can be trouble and should be ironed out when possible.
minerva# ssh -V
OpenSSH_3.7, SSH protocols 1.5/2.0, OpenSSL 0.9.7-beta3 30 Jul 2002
UPDATE: OpenSSH 3.7.1 has been released, which fixes more bugs similar to the initial Buffer Management Bug. Again, upgrade or apply the patch (<= v3.6.1). If you're running 3.7, upgrade; if you're still running older code, you'd probably be advised to upgrade to 3.7.1 as well.
minerva# ssh -V
OpenSSH_3.7.1, SSH protocols 1.5/2.0, OpenSSL 0.9.7-beta3 30 Jul 2002
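
To sort a batch of hosts by the releases mentioned above, the `ssh -V` banner can be classified with a small script. This is an added example, not part of the original post; the function names and status labels are assumptions, and a host that applied the patch instead of upgrading still reports its old version number.

```sh
#!/bin/sh
# Added example: classify an `ssh -V` banner against the releases named in the post.
# Function names and status labels are constructed for this example.

# version_lt A B C X Y Z -> exit 0 when A.B.C is older than X.Y.Z
version_lt() {
    [ "$1" -lt "$4" ] && return 0
    [ "$1" -gt "$4" ] && return 1
    [ "$2" -lt "$5" ] && return 0
    [ "$2" -gt "$5" ] && return 1
    [ "$3" -lt "$6" ]
}

classify_openssh_banner() {
    case $1 in
        OpenSSH_*) ver=${1#OpenSSH_} ;;
        *) echo "unknown"; return 2 ;;       # not an OpenSSH banner
    esac
    ver=${ver%%[, ]*}   # keep only the version token
    ver=${ver%%p*}      # drop a portable suffix: 3.6.1p2 -> 3.6.1
    case $ver in
        ''|[!0-9]*|*[!0-9.]*) echo "unknown"; return 2 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $ver         # split on dots into positional parameters
    IFS=$old_ifs
    major=${1:-0}; minor=${2:-0}; patch=${3:-0}
    if version_lt "$major" "$minor" "$patch" 3 7 0; then
        echo "pre-3.7"; return 1             # affected: upgrade or patch
    elif version_lt "$major" "$minor" "$patch" 3 7 1; then
        echo "3.7"; return 1                 # first fix only: move to 3.7.1
    fi
    echo "3.7.1-or-later"
}

# Demo: the two banners from the post plus one constructed portable-style banner.
# On a live host: classify_openssh_banner "$(ssh -V 2>&1)"  (ssh -V writes to stderr)
while IFS= read -r line; do
    printf '%-16s %s\n' "$(classify_openssh_banner "$line")" "$line"
done <<'EOF'
OpenSSH_3.7, SSH protocols 1.5/2.0, OpenSSL 0.9.7-beta3 30 Jul 2002
OpenSSH_3.7.1, SSH protocols 1.5/2.0, OpenSSL 0.9.7-beta3 30 Jul 2002
OpenSSH_3.6.1p2, SSH protocols 1.5/2.0, OpenSSL 0.9.7b
EOF
```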