According to latest news about bug in ssh this seems to be more dangerous than recent apache bug.
It's much easier exploitable than recent apache hole.
At least one major security vulnerability exists in many deployed OpenSSH versions (2.9.9 to 3.3). Systems running with UsePrivilegeSeparation yes or ChallengeResponseAuthentication no are not affected.
Here is ISS advisory http://www.openssh.com/txt/iss.adv
and here is openssh advisory http://www.openssh.com/txt/preauth.adv
It's strongly recomended upgrading openssh to 3.4 version.
It's much easier exploitable than recent apache hole.
At least one major security vulnerability exists in many deployed OpenSSH versions (2.9.9 to 3.3). Systems running with UsePrivilegeSeparation yes or ChallengeResponseAuthentication no are not affected.
Here is ISS advisory http://www.openssh.com/txt/iss.adv
and here is openssh advisory http://www.openssh.com/txt/preauth.adv
It's strongly recomended upgrading openssh to 3.4 version.
