Slashdot Mirror

← Back to Stories (view on slashdot.org)

New SSH Vulnerabilities Discovered

Posted by timothy on from the this-too-shall-pass dept.

possible writes "Rapid7 has discovered a new class of vulnerabilities affecting SSH2 implementations from many vendors. These vulnerabilities affect a wide variety of SSH servers and SSH clients. Rapid7 designed an SSH protocol test suite called SSHredder. The SSHredder test suite contains a large number of SSH2 protocol binary test cases, and is released under the BSD license. Rapid7's testing has revealed many defects in products such as F-Secure, SSH.com, PuTTY, etc. OpenSSH and GNU LSH are not affected." Some of the affected vendors have released fixed versions, and some say there's nothing exploitable about the reported holes.

1 of 33 comments (clear)

  1. Go Slashdot! by Cave+Dweller · · Score: 0, Offtopic

    2002-12-16 21:30:02 Multiple Flaws In SSH Implementations (articles,security) (rejected)