Vulnerability: OpenSSH Challenge Response Handling

CERT, courtesy of an ISS X-Force alert, reports that there are two related vulnerabilities in the challenge response handling code in OpenSSH versions 2.3.1p1 through 3.3. This may allow a remote intruder to execute arbitrary code as the user running sshd (often root). Read the ISS report here

Join the newsletter!

Error: Please check your email address.

More about CERT AustraliaISS GroupX-Force

Show Comments