Flaws flagged in OpenSSH

A pair of security vulnerabilities in a suite of tools used to send encrypted traffic to servers could let attackers run code on affected servers or cause denial-of-service attacks.

The flaws exist in OpenSSH, which replaces programs such as Telnet and FTP with secure versions, granting users an encrypted means of communicating with servers. The vulnerabilities affect OpenSSH Versions 2.3.1p1 through 3.3, according to an advisory from CERT Coordination Center. The flaws are in two types of authentication modules. An affected version of the software ships with the OpenBSD operating system. Users also might have downloaded and installed affected versions for other platforms. Users should upgrade to OpenSSH 3.4 or apply the patch available.

Would you recommend this article?


Thanks for taking the time to let us know what you think of this article!
We'd love to hear your opinion about this or any other story you read in our publication.

Jim Love, Chief Content Officer, IT World Canada

Featured Download

Related Tech News

Tech Jobs

Our experienced team of journalists and bloggers bring you engaging in-depth interviews, videos and content targeted to IT professionals and line-of-business executives.

Tech Companies Hiring Right Now