[Dshield] OpenSSH Vulnerability

Johannes Ullrich jullrich at sans.org
Wed Jun 26 16:11:46 GMT 2002


  The OpenSSH project, and ISS, released details on the 
OpenSSH vulnerability (and ver. 3.4 of openssh). If you
can't upgrade right now, the simple solution is to disable
the challenge response authentication. Only very few people
will use it anyway.

  However, you should upgrade to 3.4 soon. It has a new
'privilege separation' mechanism, that promisses to lessen
the impact of possible future vulnerabilities.

  BTW: I hope everyone got their Apache servers up to date.


-- 
---------------------------------------------------------------
jullrich at sans.org             Collaborative Intrusion Detection
                                    join http://www.dshield.org
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: not available
Url : http://www.dshield.org/pipermail/list/attachments/20020626/e2785590/attachment.bin


More information about the list mailing list