Linux Today: Linux News On Internet Time.

More on LinuxToday

OpenSSH update (Zero-day exploit?)

Jul 08, 2009, 20:32 (0 Talkback[s])


Full Text Search: The Key to Better Natural Language Queries for NoSQL in Node.js

"So, I'm not pursuaded that an 0day exists at all. The only evidence so far are some anonymous rumours and unverifiable intrusion transcripts.

"Speculating as to what an exploit, should it exist, might consist of:

"The two issues of note that have been fixed since openssh-4.3 are the aforementioned signal race (in 4.4) and a privsep signature verification weakness (in 4.5). I doubt that it is the race condition as not even Mark Dowd was able to make an working exploit from it. The privsep weakness could be used to escalate privilege out of some other unknown flaw, but it would not grant access by itself."

Complete Story

Related Stories: