All the latest UK technology news, reviews and analysis
|
|
|
08 Mar 2002
Multiple Linux distributions released a security advisory yesterday detailing a security flaw in the OpenSSH connectivity protocol.
Suse, Connectiva and OpenBSD were among those that warned about the vulnerability yesterday.
OpenSSH is a secure encrypted suite of tools often used to replace Telnet, Rlogin and FTP, and is commonly used for remote administration.
But a security bug in versions 2.0 up to 3.0.2 can be exploited to execute arbitrary code on the process under attack.
This can mean the local SSH client, userID of a connected client user, or a remote secure shell daemon that has an authenticated user session running, attacking the root account of the remote system.
The bug can be exploited both on the remote side by an already authenticated user and on the local side if a malicious server attacks the connected client, making it doubly dangerous to both the server and the connected clients.
By way of defence, OpenSSH developers recommend upgrading to version 3.1 which was also released yesterday.
More details and the upgrade can be found here.
Latest stories from Security
Related videos
Related articles
Related jobs
Poll
Are you confident that the UK's IT infrastructure is secure from attack in the wake of the Flame malware revelations?
Orange and Intel talk us through the ins and outs of their San Diego smartphone
Connect with V3.co.uk
The wrong printers, for the wrong tasks on the wrong contracts
Who leads the BI pack and who should we be watching out for?
BUSINESS SYSTEMS DIRECTOR (You will ideally have worked...
Application Production Engineer - Application Engineer...
C#/ C++ * Software Engineer* 3D Graphics skills - Global...
Senior Low Latency Consultant, Low Latency Project Management...
Keep up to date with the latest products, services and technologies from the world's leading IT companies. IThound.com brings you over 2,000 white papers, case studies and analyst reports.
Do you agree?