
Portable OpenSSH 3.7.1p1 is vulnerable!

  • 23-09-2003 9:38pm
    #1
    Closed Accounts Posts: 5,564 ✭✭✭


    If you updated your ssh servers to 3.7.1p1 not five days ago because of a potential DoS bug, be advised you must update to 3.7.1p2 asap.

    Portable (3.7.1p1) is vulnerable...
    http://developers.slashdot.org/developers/03/09/23/1736243.shtml?tid=126&tid=156&tid=172

    Not it's worth noting the OpenBSD version.
    Implement Privsep if not in use and update your wild facing ssh servers.

    Tis armageddon.


Comments

  • Closed Accounts Posts: 1,414 ✭✭✭tom-thebox


    Originally posted by Typedef
    If you updated your ssh servers to 3.7.1p1 not five days ago because of a potential DoS bug, be advised you must update to 3.7.1p2 asap.

    Portable (3.7.1p1) is vulnerable...
    http://developers.slashdot.org/developers/03/09/23/1736243.shtml?tid=126&tid=156&tid=172

    Not it's worth noting the OpenBSD version.
    Implement Privsep if not in use and update your wild facing ssh servers.

    Tis armageddon.

    Hello Typedef

    Thanks for the heads up, CERT only issued a warning yesterday stating it's only the buffer management flaw affecting versions prior to 3.7.1.

    Just for the record, Red Hat released RPMs with a patch for 3.1; wonder if that is affected by the latest problems.

    http://www.cert.org/advisories/CA-2003-24.html

    Reminds me of the time I upgraded ssh on an OpenBSD server last year or so and it ended up the update I used had been mixed up with a virus via one of GOBBLES Security's exploits, which affected the main openssh.org site.

