Alerts This Week
Warning Icon 1 692
Alerts This Week
Warning Icon 1 692

Gentoo: 200305-01 Moderate OpenSSH Timing Attack Information Leak

gentoo
Calendar Grey May 2, 2003
Dist Gentoo Esm H88
Discover a critical flaw in OpenSSH that could result in unintended leakage of user information. Prompt action is recommended to safeguard your systems.
Mediaservice.net has discovered a bug in OpenSSH that allows attackersto identify valid users on vulnerable systems.

Summary


- - ---------------------------------------------------------------------
GENTOO LINUX SECURITY ANNOUNCEMENT 200305-01
- - ---------------------------------------------------------------------

- - ---------------------------------------------------------------------


Mediaservice.net has discovered a bug in OpenSSH that allows attackersto identify valid users on vulnerable systems.

Read the full advisory at 


SOLUTION

It is recommended that all Gentoo Linux users who are running
net-misc/openssh upgrade to openssh-3.6.1_p2 as follows:

emerge sync
emerge openssh
emerge clean

- - ---------------------------------------------------------------------
aliz@gentoo.org - GnuPG key is available at   
- - ---------------------------------------------------------------------

Topics%20covered

Topics Covered

security advisory Gentoo information leak remote exploit timing attack

Resolution

References

Availability

style>.gentoo_availability{display:block;}

Concerns

PACKAGE : openssh
SUMMARY : timing attack leads to information disclosure
DATE : 2003-05-02 10:03 UTC
EXPLOIT : remote
VERSIONS AFFECTED : =openssh-3.6.1_p2
CVE : CAN-2003-0190

Topics%20covered

Topics Covered

security advisory Gentoo information leak remote exploit timing attack

Synopsis

Background

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Affected Packages

Impact

Workaround

Related News

Your message here