Threat Level: green Handler on Duty: Brad Duncan

SANS ISC: Internet Security | DShield SANS ISC InfoSec Forums

Watch ISC TV. Great for NOCs, SOCs and Living Rooms: https://isctv.sans.edu

Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!
OpenSSH Legacy Certificate Information Disclosure Vulnerability

If generating a legacy certificate using the "-t" option, a vulnerability could be exploited by attackers to gain knowledge of sensitive information. If legacy certificates have been issued using OpenSSH version 5.6/5.7, consider rotating any CA key used. OpenSSH recommend upgrading to version 5.8 available here or apply this patch.
 

[1] http://www.openssh.com/txt/legacy-cert.adv

-----------

Guy Bruneau IPSS Inc. gbruneau at isc dot sans dot edu

Guy

515 Posts
ISC Handler
Feb 5th 2011

Sign Up for Free or Log In to start participating in the conversation!