[unisog] [jullrich@sans.org: OpenSSH Vulnerability]

Walter G. Aiello Walter.Aiello at Duke.edu
Tue Sep 16 19:37:15 GMT 2003

Red Hat Networks has a patch which is now available to up2date:

H. Morrow Long wrote:
> ftp://ftp.openbsd.org/pub/OpenBSD/OpenSSH/portable/openssh-3.7p1.tar.gz
> No announcement yet on the OpenSSH website (nor any of the other
> usually places -- except for the Full Discolosure list:
> http://lists.netsys.com/pipermail/full-disclosure/2003-September/010116.html 
> http://lists.netsys.com/pipermail/full-disclosure/2003-September/010148.html 
> .
> - Morrow
> Laurie Zirkle wrote:
>> ----- Forwarded message from "Johannes B. Ullrich" <jullrich at sans.org> 
>> -----
>> Just a quick note that a new version of OpenSSH was released this
>> morning to address a bug that may be exploitable. No public exploit code
>> so far, but plenty of rumors about this issue being used to compromise
>> some systems.

Walter G. Aiello, Ph.D.
Manager, Network and Information Services
Magnetic Resonance Research Section
Box 3808, Department of Radiology
Duke University Medical Center

Walter.Aiello at Duke.edu
(919) 684 7519

Confidentiality Notice: This e-mail message, including any
attachments, is for the sole use of the intended recipient(s)
and may contain confidential and privileged information.
Any unauthorized review, use, disclosure or distribution is
prohibited.  If you are not the intended recipient, please
contact the sender by reply e-mail and destroy all copies
of the original message.

More information about the unisog mailing list