
Portable OpenSSH 3.7.1p1 is vulnerable!

  • 23-09-2003 8:38pm
    #1
    Closed Accounts Posts: 5,564 ✭✭✭


    If you updated your ssh servers to 3.7.1p1 not five days ago because of a potential DoS bug, be advised you must update to 3.7.1p2 asap.

    Portable (3.7.1p1) is vulnerable...
    http://developers.slashdot.org/developers/03/09/23/1736243.shtml?tid=126&tid=156&tid=172

    Not it's worth noting the OpenBSD version.
    Implement Privsep if not in use and update your wild facing ssh servers.

    Tis armageddon.


Comments

  • Closed Accounts Posts: 1,414 ✭✭✭tom-thebox


    Originally posted by Typedef
    If you updated your ssh servers to 3.7.1p1 not five days ago because of a potential DoS bug, be advised you must update to 3.7.1p2 asap.

    Portable (3.7.1p1) is vulnerable...
    http://developers.slashdot.org/developers/03/09/23/1736243.shtml?tid=126&tid=156&tid=172

    Not it's worth noting the OpenBSD version.
    Implement Privsep if not in use and update your wild facing ssh servers.

    Tis armageddon.

    Hello Typedef

    Thanks for the heads up, CERT only issued a warning yesterday stating only that the buffer management flaw affects versions prior to 3.7.1.

    Just for the record, Red Hat released RPMs with a patch for 3.1; wonder if that is affected by the latest problems.

    http://www.cert.org/advisories/CA-2003-24.html

    Reminds me of the time I upgraded ssh on an OpenBSD server last year or so and it ended up the update I used had been mixed up with a virus via one of Gobbles security exploits which affected the main openssh.org site.

