Results 1 to 4 of 4


  1. #1


    From what I got on /. the exploit is already in the wild. Upgrade to 3.7p1 ASAP!

  2. #2
    Senior Member
    Join Date
    Sep 2002


    Is there really an exploit? The advisory says "It is uncertain whether this error is potentially exploitable". On the debian-security mailing list there's a discussion going on and the consensus seems to be that, yes, better update you system but no reports on this bug actually leading to an exploit have been filed.

    Anyways, fellow debian users do an apt-get update && apt-get upgrade and are save. The patched version has just been accepted to both stable and unstable (20:41+0200).

  3. #3
    Senior Member
    Join Date
    Apr 2002



    has anyone updated Openssh-3.5p1-1 on RH7.3. The updates on RHN are for Openssh-3.1p1-10. It seems that Openssh > Openssh-3.5p1-1 needs Openssl-0.9b. Upgrading this results in a lot of dependency conflicts. The latest source also needs

    Any ideas? I suppose I could down-grade to Openssh3.1p1-10 but, I don't want to.

  4. #4


    i believe that there wasn't an exploit when 3.7 was released and now there is, but it's still not public.

    as for the redhat issue, there is a patch avalible you can apply to your version

Similar Threads

  1. Serious IE exploit
    By cloverm in forum Windows - General Topics
    Replies: 6
    Last Post: 12-27-2003, 04:39 AM
  2. PHP exploit found!  DANGER!
    By Killer_Penguin in forum Linux - Hardware, Networking & Security
    Replies: 3
    Last Post: 02-27-2002, 03:42 PM
  3. PHP exploit found
    By Killer_Penguin in forum Linux - Software, Applications & Programming
    Replies: 0
    Last Post: 02-27-2002, 03:09 PM


Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts