Critical Alert OpenSSH Vulnerability

[nlinecomputers]

A big hole was discovered in OpenSSH and a exploit is free and in the wild. Patch your systems at once!CERT Advisory CA-2003-24Read story on Slashdot. "New ssh Exploit in the Wild"Look at the Red hat updates and Mandrake updates here on Scots for latest patches.( I'll be posting on both in a few minutes.)

[Guest LilBambi]

I have moved this to the Security and Networking since SSH is not just a Linux thing (Putty, etc. that run under Windows use SSH as well as other SSH clients).

[Guest LilBambi]

OpenSSH.org annouces: OpenSSH 3.7.1 released September 16, 2003OpenSSH client ports for various OSes are listed on the left hand side of the pages.FYI: The Putty page doesn't list an update to the new version as yet. Edited September 16, 2003 by LilBambi

[nlinecomputers]

I have moved this to the Security and Networking since SSH is not just a Linux thing (Putty, etc. that run under Windows use SSH as well as other SSH clients).

Thanks, I wasn't sure which thread group will get more people informed about it. But this is probably the better place for it.

[Guest LilBambi]

Your welcome Nathan

[nlinecomputers]

According to mandrakesoft more vulnerabilities have been found so they have issued a newer patch to cover it. Expect more patches from the other Distro makers as the day goes on.If you patched your system allready I would be ready to do so again.Note and Edit: The CERT Advisory has been updated to reflect this new information.