
OpenSSH 3.7.1 Security Advisory: Critical Buffer Overflow Risk

It's become a busy week for *Nix sysadmins with the release of patches over the last few days to resolve vulnerabilities in popular applications including Sendmail, OpenSSH and DB2.

Those *Nix techies who enjoyed a sense of schadenfreude as their Windows sysadmin colleagues toiled to defend Windows systems against Blaster, Sobig, Nachi et al. over the last month now have some work on their hands.

First, users of the popular OpenSSH security package need to upgrade to version 3.7.1 because of a buffer overflow flaw.

The vulnerability could allow an attacker to corrupt heap memory and trigger a denial-of-service condition. "It may also be possible for an attacker to execute arbitrary code," security clearing house CERT warns. CERT's advisory contains links to patches from software distros that contain OpenSSH code and to the OpenSSH project's own update.
