OpenSSH Vulnerability
OpenSSH announced that OpenSSH 6.2 and 6.3 are vulnerable to an authenticated code execution flaw. The vulnerability affects the AES-GCM cipher. As a quick fix, you can disable the cipher (see the URL below for details). Or you can upgrade to OpenSSH 6.4.
A user may bypass restrictions imposed to the users account by exploiting the flaw, but the user needs valid credentials to take advantage of the flaw.
[1] http://www.openssh.com/txt/gcmrekey.adv
------
Johannes B. Ullrich, Ph.D.
SANS Technology Institute
Twitter
Keywords: ssh
1 comment(s)
My next class:
Application Security: Securing Web Apps, APIs, and Microservices | Washington | Dec 13th - Dec 18th 2024 |
×
Diary Archives
Comments
Anonymous
Nov 11th 2013
1 decade ago