Author: JT Smith
From LWN.net: There are several weaknesses in various implementations of the SSH
(Secure Shell) protocols. When exploited, they let the attacker obtain
sensitive information by passively monitoring encrypted SSH sessions.
The information can later be used to speed up brute-force attacks on
passwords, including the initial login password and other passwords
appearing in interactive SSH sessions, such as those used with su.
Versions of OpenSSH 2.5.2 and later have been fixed to reduce the
impact of these traffic analysis problems, and as such all Linux-
Mandrake users are encouraged to upgrade their version of openssh
immediately.
(Secure Shell) protocols. When exploited, they let the attacker obtain
sensitive information by passively monitoring encrypted SSH sessions.
The information can later be used to speed up brute-force attacks on
passwords, including the initial login password and other passwords
appearing in interactive SSH sessions, such as those used with su.
Versions of OpenSSH 2.5.2 and later have been fixed to reduce the
impact of these traffic analysis problems, and as such all Linux-
Mandrake users are encouraged to upgrade their version of openssh
immediately.
Category:
- Linux
