OpenSSH -- remote exploit

2001-02-09T00:00:00
ID DSA-027
Type debian
Reporter Debian
Modified 2001-02-09T00:00:00

Description

  1. Versions of OpenSSH prior to 2.3.0 are vulnerable to a remote arbitrary memory overwrite attack which may lead to a root exploit.
  2. CORE-SDI has described a problem with regards to RSA key exchange and a Bleichenbacher attack to gather the session key from an ssh session. Both of these issues have been corrected in our ssh package 1.2.3-9.2. We recommend you upgrade your openssh package immediately.