Flaws in OpenSSH could put servers at risk

A pair of security vulnerabilities in a suite of tools used to send encrypted traffic to servers could allow attackers to run code of their choice on affected servers or cause denial of service attacks, according to a handful of security alerts released Wednesday.

The flaws exists in OpenSSH, a suite of tools that replaces such programs as Telnet and FTP (File Transfer Protocol) with secure versions, granting users an encrypted means of communicating with servers. Telnet and FTP are applications used to connect to servers, make changes to them and upload files, among other things.

The vulnerabilities affect OpenSSH versions 2.3.1p1 through 3.3, according to an advisory released Wednesday by the CERT Coordination Center (Computer Emergency Response Team/Coordination Center), a government-funded computer security body based at Pittsburgh’s Carnegie Mellon University. The flaws are in two different types of authentication modules in the software, according to CERT/CC.

An affected version of the software ship with the OpenBSD operating system. Users may have downloaded and installed affected versions for other platforms as well.

Users should upgrade to OpenSSH 3.4 or apply the patch available at http://www.openssh.com/txt/preauth.adv

Would you recommend this article?

Share

Thanks for taking the time to let us know what you think of this article!
We'd love to hear your opinion about this or any other story you read in our publication.


Jim Love, Chief Content Officer, IT World Canada

Featured Download

Featured Articles

Cybersecurity in 2024: Priorities and challenges for Canadian organizations 

By Derek Manky As predictions for 2024 point to the continued expansion...

Survey shows generative AI is a top priority for Canadian corporate leaders.

Leaders are devoting significant budget to generative AI for 2024 Canadian corporate...

Related Tech News

Tech Jobs

Our experienced team of journalists and bloggers bring you engaging in-depth interviews, videos and content targeted to IT professionals and line-of-business executives.

Tech Companies Hiring Right Now