New ssh Exploit in the Wild
veg writes "In the last few hours there have been several reports of a new ssh bug, with an exploit seemingly in the wild. Oh god not again... The lengths some people will go to to try and damage Theo's pride." Update: 09/17 00:24 GMT by T: friscolr writes "Hot on the heels of rev 1 of the buffer.adv advisory, here is revision 2, which fixes more than revision 1 did. Also see the 3.7.1 release notes."
At this point basically no one (publicly) seems to know what the exploit is. If you want to find out about exploits THIS early, then you should be reading those mailing lists yourself. I appreciate it when Slashdot informs me of a patch I need to apply, but really, I'd rather hear about it once the exploit is actually understood and the patch is available.
What's the next article going to be: "Linus Torvalds is in the MIDDLE OF A SENTENCE describing the future for 2.6! In four seconds, we'll finish hearing what he has to say!"
The suggestion to "upgrade" to lsh is stupid. This bug is only public knowledge because the OpenSSH people have already fixed it.
And anyone who doesn't patch a known vulnerability, whether "exploitable" or not, is a +5 Fucking_Idiot.
I have something in common with Stephen Hawking...