Evan Martin (evan) wrote in evan_tech,
Evan Martin
evan
evan_tech

new ssh vulnerability

From a higher-up at the UW:
Not that we need another crisis, but it *is* Friday afternoon. ;)

I have not yet been able to get confirming exploit code, but a group
I trust has been discussing a previously undiscussed vulnerability
in sftp in at least OpenSSH prior to 3.6.  This vulnerability
has supposedly been known in the underground for two years
(and may be related to the GNU ftp server advisory CERT sent out
recently.)

I would advise *everyone* using OpenSSH to upgrade immediately
to the latest version, or at least disable sftp (which is on by
default) if you are not using it.

I will send more information when I can confirm things.
Subscribe

  • no go

    Two friends of mine were pretty enthusiastic about the Go language, so I tried writing a program in it yesterday. It is frustrating because despite…

  • playing with vala

    I actually was toying with making something like Vala back in college. It's pretty cute. Much like using the sane subset of C++, as you write code…

  • chromium.el

    This weekend I wrote some Emacs Lisp to write some utility functions I find useful for hacking on Chromium. It's fun to have a reason to use Lisp!…

  • Post a new comment

    Error

    switch
    default userpic
    When you submit the form an invisible reCAPTCHA check will be performed.
    You must follow the Privacy Policy and Google Terms of use.
    Help
  • 6 comments