[ISN] OpenSSH flaw is a hoax warn researchers
InfoSec News
alerts at infosecnews.org
Fri Jul 10 03:50:17 CDT 2009
http://www.techworld.com/security/news/index.cfm?newsID=118941
By Jeremy Kirk
IDG news service
10 July 2009
Security researchers have warned that a reported flaw in OpenSSH (Secure
Shell) is a probable hoax.
Earlier this week, SANS received an anonymous email claiming of a
zero-day vulnerability in OpenSSH, which means a flaw in the software is
already being exploited as it becomes public. OpenSSH (Secure Shell), is
used by administrators to make encrypted connections with other
computers and do tasks such as remotely updating files. OpenSSH is the
open-source version, and there are commercial versions of the program.
A true zero-day vulnerability in OpenSSH could be devastating for the
Internet, allowing hackers to have carte blanche access to servers and
PCs until a workaround or a patch is readied.
"That's why I think people are actually creating quite a bit of a
panic," said Bojan Zdrnja, a SANS analyst and senior information
security consultant at Infigo, a security and penetration testing
company in Zagreb, Croatia. "People should not panic right now. Nothing
at this time points that there is an exploit being used in the wild."
[...]
More information about the ISN
mailing list