Threat Level: green Handler on Duty: Brad Duncan

SANS ISC: OpenSSH Vulnerability SANS ISC InfoSec Forums

Special Webcast: What you need to know about the crypt32.dll vulnerability. Register Now

Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!
OpenSSH Vulnerability

OpenSSH announced that OpenSSH 6.2 and 6.3 are vulnerable to an authenticated code execution flaw. The vulnerability affects the AES-GCM cipher. As a quick fix, you can disable the cipher (see the URL below for details). Or you can upgrade to OpenSSH 6.4.

A user may bypass restrictions imposed to the users account by exploiting the flaw, but the user needs valid credentials to take advantage of the flaw.

[1] http://www.openssh.com/txt/gcmrekey.adv

 

------
Johannes B. Ullrich, Ph.D.
SANS Technology Institute
Twitter

I will be teaching next: Defending Web Applications Security Essentials - SANS San Francisco Spring 2020

Johannes

3733 Posts
ISC Handler
This makes for a nice change. It gets boring patching only BIND, MySQL, Wordpress, Oracle Java and Adobe products over and over.
Anonymous

Sign Up for Free or Log In to start participating in the conversation!