Slashdot Mirror


New SSH Vulnerabilities Discovered

possible writes "Rapid7 has discovered a new class of vulnerabilities affecting SSH2 implementations from many vendors. These vulnerabilities affect a wide variety of SSH servers and SSH clients. Rapid7 designed an SSH protocol test suite called SSHredder. The SSHredder test suite contains a large number of SSH2 protocol binary test cases, and is released under the BSD license. Rapid7's testing has revealed many defects in products such as F-Secure, SSH.com, PuTTY, etc. OpenSSH and GNU LSH are not affected." Some of the affected vendors have released fixed versions, and some say there's nothing exploitable about the reported holes.

1 of 33 comments

  1. many eyes = shallow bugs by Anonymous Coward · Score: 0, Troll
    OpenSSH and GNU LSH are not affected

    That's right. Because open source is proven to have fewer defects than closed source, like PuTTY.