Can someone tell me what the real effects are of the latest OpenSSH bug?

I have been reading quite a bit, but have not found/read about any actual
exploit; nor do I see, myself, how it could be exploited even. And can it
bypass the 'privilege separation'? And even if, if no root-logins are
allowed (I consider allowing root-logins tantamount to having your system
misconfigured anyway), could root be compromised?


- Mark

        System Administrator Asarian-host.org

"If you were supposed to understand it,
we wouldn't call it code." - FedEx

Re: What the real effects are of the latest OpenSSH bug?

Mark wrote:
I think it's mostly hype right now, people hear "buffer" & "overflow"
and they totally forget about the part that says "maybe possible, not
sure". I upgraded anyway, just because I always like to have the newest
stuff, but I myself don't see ssh as being real-life exploitable by
these means, not until it's proven with actual code, not just in theory.
Supposedly, a host could receive many, many connections at once, and
something about that would allow a root exploit - the details I saw were
real foggy too - like I said, I think it's more hype right now than anything.
On the other hand, if you're running an Internet server that provides
ssh along with many other services, it's always a good idea to be
rock-solid, because we're getting attacked all the time. Not a week goes
by that I don't get at least one half-way decent attempt on my system -
usually wanna-be hackers & script kiddies, but still....

