SSH Secure Shell 3.0.0 Remote Hole 77
SSH Communications Security Corp
(ssh.com/ssh.fi)
announced on bugtraq last night that their commercial product SSH
Secure Shell 3.0.0
is
a
gaping remote hole
on various unixes. Technically it's not a root hole, but remote access to users like "adm," "bin," "daemon," and "sys" is not good. Strangely, I don't see an announcement on their
homepage.
If you're running the
$99 workstation version
or the
$475 server version,
go upgrade to 3.0.1 now because it's an amazingly
trivial exploit
(especially
on Solaris,
but also on other unixes, excluding NetBSD and OpenBSD which are not affected at all). If you're
using
OpenSSH,
or some other program you didn't pay for, no worries.
SSH Secure Shell 3.0.0 Remote Hole More Login
SSH Secure Shell 3.0.0 Remote Hole
Related Links Top of the: day, week, month.
Slashdot Top Deals