Vulnerability In SSH1

Please create an account to participate in the Slashdot moderation system

×

Vulnerability In SSH1 118

Posted by Hemos on Friday February 09, 2001 @11:31AM from the no-good-for-any-one dept.

matt666 writes "Bindview released an advisory yesterday warning us that "[a]n integer-overflow problem is present in common code of recent ssh daemons, deattack.c, which was developed by CORE SDI to protect against cryptographic attacks on SSH protocol. [...] This effectively allows an attacker to overwrite arbitrary portions of memory". Practically all common versions of SSH1 are affected, except OpenSSH 2.3.0." A whole slew of people have written in regarding this - from the folks at SmoothWall advising of an update, to a bunch of people just saying "Oh No!". My understanding is that a fix is already in the works.

This discussion has been archived. No new comments can be posted.

Vulnerability In SSH1

Search 118 Comments Log In/Create an Account

Comments Filter:

There may be more comments in this discussion. Without JavaScript enabled, you might want to turn on Classic Discussion System in your preferences instead.