[linux-sec-uk] OpenSSH buffer management error

James Fidell linux-sec-uk at mailman.lug.org.uk
Tue Sep 16 20:15:08 2003


Quoting James Davis (jamesd@jml.net):

> Am sure you've already heard of today's announcement of the flaw in
> OpenSSH detailed at http://www.openssh.com/txt/buffer.adv but I felt this
> affects enough people to justify a posting to this list. Exploits are in
> the wild already so upgrade to OpenSSH 3.7 (see your vendor or
> openssh.com) or apply the patch provided at OpenSSH.com

And if you have lots of servers to sort out and need a quick fix first,
blocking untrusted connections with tcpwrappers may be a good option.

James
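
The tcpwrappers stopgap suggested above, as an added example that is not part of the original post: it prints deny-by-default `hosts.allow` / `hosts.deny` rules for `sshd` and checks that a given sshd binary is linked against libwrap, without which the rules have no effect. The trusted networks, function names and staging directory are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: stage deny-by-default tcpwrappers rules for sshd.
# Network values below are constructed samples (documentation address ranges).

# Print hosts.allow lines that permit sshd only from the given clients.
# Classic tcp_wrappers expects net/mask form (192.0.2.0/255.255.255.0).
sshd_allow_rules() {
    for net in "$@"; do
        printf 'sshd: %s\n' "$net"
    done
}

# Print the hosts.deny line that rejects every other sshd client.
# hosts.allow is consulted first, so the entries above still match.
sshd_deny_rule() {
    printf 'sshd: ALL\n'
}

# Return 0 if the given binary is dynamically linked against libwrap.
# A statically linked build will not show up here; check its build options.
uses_libwrap() {
    ldd "$1" 2>/dev/null | grep -q 'libwrap'
}

# Write both files into a staging directory for review before copying
# them to /etc/hosts.allow and /etc/hosts.deny.
stage_rules() {
    dir=$1
    shift
    sshd_allow_rules "$@" > "$dir/hosts.allow"
    sshd_deny_rule > "$dir/hosts.deny"
}

# Demonstration with the constructed sample networks.
sshd_allow_rules 192.0.2.0/255.255.255.0 198.51.100.7
sshd_deny_rule
```

Run `uses_libwrap` against the installed sshd binary on each server before relying on the rules, and keep an existing session open while testing a new connection from a trusted address.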