-
1
- #1
This bug was announced at bugtrack 24. june. Please upgrade and patch old sshd to 3.3 and use the privilegde seperation. Don't know if there is any worms yet, eating it's way through linuxboxes all over the world, but I'll expect them to come. Nobody want's a rooted server, patch NOW! Tomorrow is probably to late!
Exploits of this kind are ugly, when they are in so widely used software.
Read this:
"The OpenSSH team has reported that a vulnerability exists in OpenSSH. The vulnerability is allegedly remotely exploitable and may allow for unauthenticated attackers to obtain root privileges. The technical nature of this vulnerability is not yet known. The OpenSSH development team has reported that systems using the OpenSSH privilege-separation feature are not exploitable. A fix and further technical details are not yet available."
Exploits of this kind are ugly, when they are in so widely used software.
Read this:
"The OpenSSH team has reported that a vulnerability exists in OpenSSH. The vulnerability is allegedly remotely exploitable and may allow for unauthenticated attackers to obtain root privileges. The technical nature of this vulnerability is not yet known. The OpenSSH development team has reported that systems using the OpenSSH privilege-separation feature are not exploitable. A fix and further technical details are not yet available."
