zex

Well-Known Member
Aug 12, 2001
98
0
306
cPanel Access Level
Root Administrator
According to latest news about bug in ssh this seems to be more dangerous than recent apache bug.

It's much easier exploitable than recent apache hole.
At least one major security vulnerability exists in many deployed OpenSSH versions (2.9.9 to 3.3). Systems running with UsePrivilegeSeparation yes or ChallengeResponseAuthentication no are not affected.

Here is ISS advisory http://www.openssh.com/txt/iss.adv
and here is openssh advisory http://www.openssh.com/txt/preauth.adv
It's strongly recomended upgrading openssh to 3.4 version.
 

snowgod

Well-Known Member
Sep 23, 2001
73
0
306
we already have a thread on this http://forums.cpanel.net/read.php?TID=3532

just trying to keep things centralized :)