Explore top 10 tips to secure your open-source projects now. Read More

×
Alerts This Week
Warning Icon 1 616
Alerts This Week
Warning Icon 1 616

Gentoo: 200305-01 Moderate OpenSSH Timing Attack Information Leak

gentoo
Calendar Grey May 2, 2003
Dist Gentoo Esm H88
Discover a critical flaw in OpenSSH that could result in unintended leakage of user information. Prompt action is recommended to safeguard your systems.
Mediaservice.net has discovered a bug in OpenSSH that allows attackersto identify valid users on vulnerable systems.

Summary


- - ---------------------------------------------------------------------
GENTOO LINUX SECURITY ANNOUNCEMENT 200305-01
- - ---------------------------------------------------------------------

- - ---------------------------------------------------------------------

Mediaservice.net has discovered a bug in OpenSSH that allows attackersto identify valid users on vulnerable systems.
Read the full advisory at

SOLUTION
It is recommended that all Gentoo Linux users who are running net-misc/openssh upgrade to openssh-3.6.1_p2 as follows:
emerge sync emerge openssh emerge clean
- - --------------------------------------------------------------------- aliz@gentoo.org - GnuPG key is available at - - ---------------------------------------------------------------------

Resolution

References

Availability

style>.gentoo_availability{display:block;}

Concerns

PACKAGE : openssh
SUMMARY : timing attack leads to information disclosure
DATE : 2003-05-02 10:03 UTC
EXPLOIT : remote
VERSIONS AFFECTED : =openssh-3.6.1_p2
CVE : CAN-2003-0190

Synopsis

Background

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Affected Packages

Impact

Workaround