Multiple Linux distributions released security advisories yesterday detailing a security flaw in the OpenSSH connectivity tools.
Suse, Conectiva and OpenBSD were among those that warned about the vulnerability yesterday.
OpenSSH is a secure encrypted suite of tools often used to replace Telnet, Rlogin and FTP, and is commonly used for remote administration.
But a security bug in versions 2.0 up to 3.0.2 can be exploited to execute arbitrary code in the process under attack.
That process can be the local SSH client, which runs under the user ID of the connected client user, or a remote secure shell daemon with an authenticated user session running, in which case the attack is on the root account of the remote system.
The bug can be exploited both on the remote side, by an already authenticated user, and on the local side, if a malicious server attacks the connected client, making it dangerous to both the server and the connected clients.
By way of defence, OpenSSH developers recommend upgrading to version 3.1, which was also released yesterday.
More details and the upgrade can be found here.
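To find machines that still need the upgrade, an inventory of SSH version strings can be checked against the affected range given above. The following is an added example, not code from the article or from the OpenSSH project; the host names and banners are constructed, and it assumes the reported version reflects the code actually running (a vendor may patch a package without changing its version number).

```python
import re

# Affected range as stated in the article: 2.0 up to 3.0.2 (3.1 is the fix).
FIRST_AFFECTED = (2, 0, 0)
LAST_AFFECTED = (3, 0, 2)

# Finds the OpenSSH version in an SSH identification string or `ssh -V`
# output, e.g. "SSH-1.99-OpenSSH_3.0.2p1". The optional "pN" suffix marks a
# portable release and does not change the base version.
_OPENSSH = re.compile(r"OpenSSH[_-](\d+)\.(\d+)(?:\.(\d+))?(?:p\d+)?")


def parse_openssh_version(text):
    """Return (major, minor, patch), or None if no OpenSSH version is named."""
    match = _OPENSSH.search(text)
    if match is None:
        return None
    major, minor, patch = match.groups()
    return (int(major), int(minor), int(patch or 0))


def classify(text):
    """Return 'affected', 'not-in-range' or 'unknown' for one version string."""
    version = parse_openssh_version(text)
    if version is None:
        return "unknown"  # not OpenSSH, or banner hidden: check by hand
    if FIRST_AFFECTED <= version <= LAST_AFFECTED:
        return "affected"
    return "not-in-range"


def hosts_needing_upgrade(inventory):
    """inventory: iterable of (host, banner). Returns hosts in the affected range."""
    return [host for host, banner in inventory if classify(banner) == "affected"]


# Constructed sample inventory (hypothetical hosts and banners).
SAMPLE_INVENTORY = [
    ("gw.example", "SSH-1.99-OpenSSH_3.0.2p1"),
    ("build.example", "SSH-2.0-OpenSSH_2.9p2"),
    ("mail.example", "SSH-2.0-OpenSSH_3.1"),
    ("old.example", "SSH-1.5-OpenSSH-1.2.3"),
    ("appliance.example", "SSH-2.0-ExampleSSHD_1.0"),
]

if __name__ == "__main__":
    for host, banner in SAMPLE_INVENTORY:
        print(f"{host:20} {classify(banner):13} {banner}")
```

Hosts reported as "unknown" are not cleared by this check; they simply did not identify themselves as OpenSSH.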