
SANS ISC: OpenSSH Vulnerability - Internet Security | DShield SANS ISC InfoSec Forums


OpenSSH Vulnerability

OpenSSH announced that OpenSSH 6.2 and 6.3 are vulnerable to an authenticated code execution flaw. The vulnerability affects the AES-GCM cipher. As a quick fix, you can disable the cipher (see the advisory linked below [1] for details), or you can upgrade to OpenSSH 6.4.

A user may bypass restrictions imposed on the user's account by exploiting the flaw, but the user needs valid credentials to take advantage of it.

[1] http://www.openssh.com/txt/gcmrekey.adv
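
A triage check for the quick fix described above, as an added example that is not part of the original diary or the OpenSSH advisory. The function names and sample configs are constructed for illustration; the cipher names are OpenSSH's `aes128-gcm@openssh.com` and `aes256-gcm@openssh.com`, and a config with no `Ciphers` line is assumed to fall back to defaults that include AES-GCM.

```shell
#!/bin/sh
# Added example: is this host an OpenSSH 6.2/6.3 server that can still negotiate AES-GCM?
# Real input would be `ssh -V 2>&1` (banner) and `sshd -T` (effective config).

# Return 0 if the banner names OpenSSH 6.2 or 6.3, the releases listed as affected.
is_affected_version() {
    case "$1" in
        OpenSSH_6.2|OpenSSH_6.2[!0-9]*|OpenSSH_6.3|OpenSSH_6.3[!0-9]*) return 0 ;;
        *) return 1 ;;
    esac
}

# Read sshd config text on stdin and print the AES-GCM ciphers it enables.
# Only the first Ciphers line counts (sshd uses the first value it sees).
# Prints "default" when no Ciphers line exists (assumption: defaults include AES-GCM).
gcm_ciphers() {
    awk '
        tolower($1) == "ciphers" {
            seen = 1
            n = split($2, c, ",")
            for (i = 1; i <= n; i++)
                if (c[i] ~ /^aes(128|256)-gcm@openssh\.com$/) print c[i]
            exit
        }
        END { if (!seen) print "default" }
    '
}

# Combine both checks. $1 = version banner, $2 = config text.
# Prints EXPOSED, MITIGATED or NOT_AFFECTED.
assess() {
    is_affected_version "$1" || { echo NOT_AFFECTED; return 0; }
    if [ -n "$(printf '%s\n' "$2" | gcm_ciphers)" ]; then
        echo EXPOSED
    else
        echo MITIGATED
    fi
}

# Constructed sample inputs (not taken from a real host).
SAMPLE_DEFAULT='Port 22
#Ciphers aes128-ctr
PermitRootLogin no'
SAMPLE_GCM='ciphers aes128-ctr,aes256-gcm@openssh.com,aes128-cbc'
SAMPLE_FIXED='Ciphers aes128-ctr,aes192-ctr,aes256-ctr'

assess "OpenSSH_6.3p1, OpenSSL 1.0.1e" "$SAMPLE_GCM"
```

MITIGATED only means AES-GCM is absent from the cipher list; upgrading to 6.4 remains the permanent fix.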

 

------
Johannes B. Ullrich, Ph.D.
SANS Technology Institute
This makes for a nice change. It gets boring patching only BIND, MySQL, Wordpress, Oracle Java and Adobe products over and over.
Anonymous
