[unisog] [jullrich@sans.org: OpenSSH Vulnerability]

H. Morrow Long morrow.long at yale.edu
Tue Sep 16 15:07:05 GMT 2003


ftp://ftp.openbsd.org/pub/OpenBSD/OpenSSH/portable/openssh-3.7p1.tar.gz

No announcement yet on the OpenSSH website (nor any of the other
usually places -- except for the Full Discolosure list:

http://lists.netsys.com/pipermail/full-disclosure/2003-September/010116.html
http://lists.netsys.com/pipermail/full-disclosure/2003-September/010148.html .

- Morrow

Laurie Zirkle wrote:

> ----- Forwarded message from "Johannes B. Ullrich" <jullrich at sans.org> -----
> Just a quick note that a new version of OpenSSH was released this
> morning to address a bug that may be exploitable. No public exploit code
> so far, but plenty of rumors about this issue being used to compromise
> some systems.




More information about the unisog mailing list