
SANS ISC InfoSec Forums: OpenSSH Legacy Certificate Information Disclosure Vulnerability


If a legacy certificate was generated using the "-t" option, attackers could exploit a vulnerability to obtain sensitive information. If legacy certificates have been issued using OpenSSH version 5.6/5.7, consider rotating any CA key used. OpenSSH recommends upgrading to version 5.8, available here, or applying this patch.
 

[1] http://www.openssh.com/txt/legacy-cert.adv

-----------

Guy Bruneau IPSS Inc. gbruneau at isc dot sans dot edu
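
To decide whether the CA key rotation suggested above applies, it helps to know whether any legacy certificates are still deployed. The following is an added example, not part of the original diary or of OpenSSH: it scans public-key lines (as found in `*-cert.pub` or `authorized_keys` files) and reports legacy certificates, assuming they are the ones carrying OpenSSH's `*-cert-v00@openssh.com` key types; the function names and sample lines are constructed for illustration.

```python
import base64
import struct
# Key type names OpenSSH gives legacy-format (v00) certificates.
LEGACY_TYPES = {"ssh-rsa-cert-v00@openssh.com", "ssh-dss-cert-v00@openssh.com"}

def blob_key_type(blob: bytes) -> str:
    """Return the key type: the first length-prefixed string of an SSH key blob."""
    if len(blob) < 4:
        raise ValueError("blob too short")
    (length,) = struct.unpack(">I", blob[:4])
    if length > len(blob) - 4:
        raise ValueError("type length exceeds blob")
    return blob[4:4 + length].decode("ascii")

def find_legacy_certs(lines):
    """Return (line_number, comment) for every line holding a legacy certificate."""
    hits = []
    for number, line in enumerate(lines, 1):
        fields = line.split()
        # authorized_keys entries may put options before the key type field.
        for i, field in enumerate(fields[:-1]):
            if field not in LEGACY_TYPES:
                continue
            try:
                inner = blob_key_type(base64.b64decode(fields[i + 1], validate=True))
            except ValueError:  # bad base64, truncated blob or non-ASCII type
                break
            if inner == field:  # textual label and encoded type must agree
                hits.append((number, " ".join(fields[i + 2:])))
            break
    return hits

def make_line(key_type: str, comment: str) -> str:
    """Build a constructed key line: real type header, zero filler instead of key data."""
    name = key_type.encode("ascii")
    blob = struct.pack(">I", len(name)) + name + bytes(16)
    return f"{key_type} {base64.b64encode(blob).decode()} {comment}"

# Constructed sample input, not real certificates.
SAMPLE = [
    make_line("ssh-rsa-cert-v00@openssh.com", "alice@constructed"),
    make_line("ssh-rsa-cert-v01@openssh.com", "bob@constructed"),
    make_line("ssh-rsa", "carol@constructed"),
    'command="/bin/true" ' + make_line("ssh-dss-cert-v00@openssh.com", "dave@constructed"),
]

if __name__ == "__main__":
    for number, comment in find_legacy_certs(SAMPLE):
        print(f"line {number}: legacy certificate ({comment})")
```

A hit only shows that a legacy-format certificate exists; whether it was issued by OpenSSH 5.6/5.7 has to be established from the CA host's own records.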
