Vulnerability in all openssh versions 3.6x and earlier

From: "InfraGard"
Subject: [Infragard_secured] OpenSSH Vulnerability
Date: Tue, 16 Sep 2003 11:39:27 -0500

Dear Members,

This is intended to be a quick heads-up to InfraGard members.

There appears to be a major OpenSSH vulnerability that is quietly being exploited at some high-profile targets. OpenSSH 3.7p1 was released earlier this am. Linux appears to be particularly vulnerable; no clear information on others such as OpenBSD, nor other versions/implementations of SSH.

Note that there are many implementations of SSH that run on many devices, including network appliance-class devices.

Until more information is available, system operators should patch their systems to OpenSSH >= 3.7p1 and check that their firewalls allow SSH only from trusted sources.

InfraGard Team
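
One way to triage an inventory against the advisory's threshold, as an added example that is not part of the InfraGard message: it parses SSH identification strings and sorts hosts into those advertising OpenSSH below 3.7, those at or above it, and other implementations, which stay "unknown" because the advisory has no clear information on them. The addresses and banners are constructed sample data, and a banner is only an indicator, since some vendors backport fixes without changing the version string.

```python
import re

# Threshold taken from the advisory: OpenSSH >= 3.7p1.
FIXED = (3, 7)

# SSH identification string: SSH-<protoversion>-<softwareversion>[ comments]
_BANNER = re.compile(r"^SSH-(?P<proto>[\d.]+)-(?P<software>\S+)")
_OPENSSH = re.compile(r"^OpenSSH_(?P<num>\d+(?:\.\d+)*)(?:p(?P<p>\d+))?")


def classify(banner):
    """Return 'upgrade', 'patched', 'unknown' or 'invalid' for one banner."""
    m = _BANNER.match(banner.strip())
    if not m:
        return "invalid"          # not an SSH identification string
    o = _OPENSSH.match(m.group("software"))
    if not o:
        return "unknown"          # some other SSH implementation
    ver = tuple(int(part) for part in o.group("num").split("."))
    ver += (0,) * (2 - len(ver))  # pad "3" to (3, 0)
    return "patched" if ver >= FIXED else "upgrade"


def audit(inventory):
    """Map each host in {host: banner} to its classification."""
    return {host: classify(banner) for host, banner in inventory.items()}


# Constructed sample inventory (documentation addresses, made-up banners).
SAMPLE = {
    "192.0.2.10": "SSH-1.99-OpenSSH_3.6.1p2",
    "192.0.2.11": "SSH-2.0-OpenSSH_3.7p1",
    "192.0.2.12": "SSH-2.0-OpenSSH_3.7.1p2",
    "192.0.2.13": "SSH-1.99-OpenSSH_2.9p2",
    "192.0.2.14": "SSH-2.0-ExampleSSHD_1.0",   # hypothetical non-OpenSSH server
    "192.0.2.15": "220 mail.example.test ESMTP",
}

if __name__ == "__main__":
    for host, status in sorted(audit(SAMPLE).items()):
        print(f"{host:12} {status}")
```

Hosts reported as "unknown" still need the firewall check the message asks for, since the banner says nothing about whether they are affected.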