writes "Bindview released an advisory yesterday warning us that "[a]n integer-overflow problem is present in common code of recent ssh daemons, deattack.c, which was developed by CORE SDI to protect against cryptographic attacks on SSH protocol. [...] This effectively allows an attacker to overwrite arbitrary portions of memory". Practically all common versions of SSH1 are affected, except OpenSSH 2.3.0."
A whole slew of people have written in regarding this - from the folks at SmoothWall advising of an update, to a bunch of people just saying "Oh No!". My understanding is that a fix is already in the works.