HEAD's UP: possible 0day SSH exploit in the wild

To: debian-security@lists.debian.org
Subject: HEAD's UP: possible 0day SSH exploit in the wild
From: Henrique de Moraes Holschuh <hmh@debian.org>
Date: Tue, 7 Jul 2009 17:05:20 -0300
Message-id: <[🔎] 20090707200520.GB12184@khazad-dum.debian.net>

As usual, you may want to either raise shields (i.e. disable/restrict access
to the ssh service), or pay extra attention to what is happening on your SSH
inbound gateways...

http://lwn.net/Articles/340360/
http://isc.sans.org/diary.html?storyid=6742
http://secer.org/hacktools/0day-openssh-remote-exploit.html

Yes, it could be a hoax, and I sure hope that's all it is...

-- 
  "One disk to rule them all, One disk to find them. One disk to bring
  them all and in the darkness grind them. In the Land of Redmond
  where the shadows lie." -- The Silicon Valley Tarot
  Henrique Holschuh

Reply to:

Follow-Ups:
- Re: HEAD's UP: possible 0day SSH exploit in the wild
  - From: Clemens Pfaffinger <clpfaffinger@gmail.com>

Prev by Date: Re: chat messages encryption
Next by Date: Re: HEAD's UP: possible 0day SSH exploit in the wild
Previous by thread: Re: Handling personal/self(WebOfTrust) pgp/gpg private keys.
Next by thread: Re: HEAD's UP: possible 0day SSH exploit in the wild
Index(es):
- Date
- Thread