OpenSSH update (Zero-day exploit?)

"So, I'm not pursuaded that an 0day exists at all. The only evidence so far are some anonymous rumours and unverifiable intrusion transcripts.

"Speculating as to what an exploit, should it exist, might consist of:

"The two issues of note that have been fixed since openssh-4.3 are the aforementioned signal race (in 4.4) and a privsep signature verification weakness (in 4.5). I doubt that it is the race condition as not even Mark Dowd was able to make an working exploit from it. The privsep weakness could be used to escalate privilege out of some other unknown flaw, but it would not grant access by itself."

Complete Story

Related Stories:

• Names Pipes... or how to get two separate applications to interact(Jun 30, 2009)
• Creating Secure Tunnels With ssh(Jun 18, 2009)
• SSH From Your Mobile Device(Jun 10, 2009)
• SSH Tunnels: Using a service from a nated (twice) box(Jun 08, 2009)
• OpenSSH chink bares encrypted data packets(May 19, 2009)
• SSHerminator - Nice split screen terminal emulator and SSH client(Feb 19, 2009)
• More Fun With SSH(Feb 19, 2009)
• Keeping Your ssh Connection Alive(Feb 11, 2009)
• Definitive Linux Remote System Access Guide(Feb 04, 2009)