Well-Known Member
May 10, 2003
Miami, FL
Repost from RS forums

OpenSSH Buffer Exploit
Severity: CRITICAL

There have been several reports of a new ssh bug, with an exploit seemingly in the wild.

1. Versions affected:

All versions of OpenSSH's sshd prior to 3.7 contain a buffer management error. The attack makes an enormous amount of ssh connections and attempts various offsets until it finds one that works permitting root login. Priv sep does *not* seem to stop the attack (unless its on OpenBSD). Hosts.allow/deny will stop it as will any very restrictive firewall rules.

2. Solutions:

If you do any of this, you do so at your own risk and I take no responsibility if you hose your box.

Upgrade to OpenSSH 3.7 or use this patch

Openssh 3.7p1 on the master ftp:

For Debian stable users:
apt-get update
apt-get upgrade
Debian Security List post

For Redhat Users:
Redhat has not *yet* released a patch however you can manually install the 3.7p1 or use the patch

For Gentoo Users:
This is a workaround since ebuild update isnt there yet
cd /usr/portage/net-misc/openssh/
cp openssh-3.6.1_p2.ebuild openssh-3.7_p1.ebuild
emerge -f openssh-3.7_p1.ebuild
ebuild openssh-3.7_p1.ebuild digest
emerge openssh-3.7_p1.ebuild
/etc/init.d/sshd restart

Please note this is just a repost FYI. I do not answer questions about it, nor I take any responsibility.